Fix secure-http check to avoid bypass using emojis
parent
f3e877a80e
commit
fa3b9582c3
|
@ -584,8 +584,8 @@ class Config
|
||||||
*/
|
*/
|
||||||
public function prohibitUrlByConfig(string $url, ?IOInterface $io = null, array $repoOptions = []): void
|
public function prohibitUrlByConfig(string $url, ?IOInterface $io = null, array $repoOptions = []): void
|
||||||
{
|
{
|
||||||
// Return right away if the URL is malformed or custom (see issue #5173)
|
// Return right away if the URL is malformed or custom (see issue #5173), but only for non-HTTP(S) URLs
|
||||||
if (false === filter_var($url, FILTER_VALIDATE_URL)) {
|
if (false === filter_var($url, FILTER_VALIDATE_URL) && !Preg::isMatch('{^https?://}', $url)) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -294,6 +294,7 @@ class ConfigTest extends TestCase
|
||||||
'http://packagist.org',
|
'http://packagist.org',
|
||||||
'http://10.1.0.1/satis',
|
'http://10.1.0.1/satis',
|
||||||
'http://127.0.0.1/satis',
|
'http://127.0.0.1/satis',
|
||||||
|
'http://💛@example.org',
|
||||||
'svn://localhost/trunk',
|
'svn://localhost/trunk',
|
||||||
'svn://will.not.resolve/trunk',
|
'svn://will.not.resolve/trunk',
|
||||||
'svn://192.168.0.1/trunk',
|
'svn://192.168.0.1/trunk',
|
||||||
|
|
Loading…
Reference in New Issue