public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code

Remove code preventing protocol downgrades

pull/4783/head
Chris Smith 2016-01-17 19:43:08 +00:00
parent ce1eda25f3
commit ffab235edd
1 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/Composer/Util/RemoteFilesystem.php
View File

@ -331,14 +331,15 @@ class RemoteFilesystem
throw $e;
}
if ('http' === parse_url($targetUrl, PHP_URL_SCHEME) && 'https' === $this->scheme) {
// Do not allow protocol downgrade.
// TODO: Currently this will fail if a request goes http -> https -> http
$e = new TransportException('The "'.$this->fileUrl.'" file could not be downloaded, not permitting protocol downgrade');
$e->setHeaders($http_response_header);
$e->setResponse($result);
throw $e;
}
// TODO: Disabled because this is (probably) different behaviour to PHP following for us.
// if ('http' === parse_url($targetUrl, PHP_URL_SCHEME) && 'https' === $this->scheme) {
// // Do not allow protocol downgrade.
// // TODO: Currently this will fail if a request goes http -> https -> http
// $e = new TransportException('The "'.$this->fileUrl.'" file could not be downloaded, not permitting protocol downgrade');
// $e->setHeaders($http_response_header);
// $e->setResponse($result);
// throw $e;
// }
if ($this->io->isDebug()) {
$this->io->writeError(sprintf('Following redirect (%u)', $this->redirects));