1
0
Fork 0
Commit Graph

3652 Commits (0510af7b9dd69b256f6c7f38c1cacc343af0ab84)

Author SHA1 Message Date
Fabien Potencier ab4e3fbf86 fixed time parsing when the composer.lock file has an old time format 2013-02-19 19:42:59 +01:00
Jordi Boggiano 9dfdc86292 Rephrase package not found troubleshooting entry 2013-02-19 16:18:45 +01:00
Jordi Boggiano 7620541c27 Merge remote-tracking branch 'pscheit/patch-1' 2013-02-19 16:11:58 +01:00
Jordi Boggiano 97fdcd7207 Clarify tilde operator docs 2013-02-19 16:11:49 +01:00
Jordi Boggiano 5a484cb3a9 Make sure target-dir plays well with classmap and files autoload, for root and deps, refs #1550 2013-02-19 15:23:43 +01:00
Jordi Boggiano ab1256e135 Merge remote-tracking branch 'cmodijk/master' 2013-02-19 14:21:31 +01:00
Jordi Boggiano 518253e150 Show proper repo information and not always the default ones 2013-02-19 11:54:20 +01:00
Jordi Boggiano 8ac4b649c3 Merge remote-tracking branch 'gerryvdm/master'
Conflicts:
	src/Composer/Command/ShowCommand.php
2013-02-19 11:42:15 +01:00
Jordi Boggiano b7b1a1eab6 Merge remote-tracking branch 'igorw/patch-5' 2013-02-19 11:33:06 +01:00
Jordi Boggiano 087bc44f44 Update deps 2013-02-18 23:32:56 +01:00
Jordi Boggiano b4d691e46d Add test for escape sequences 2013-02-18 22:13:54 +01:00
Igor Wiedler c1a4e5d43b Add curl -sS everywhere 2013-02-18 17:56:13 +01:00
Igor Wiedler ce7a75fe03 Display SSL errors
`curl -s` not only hides the progress bar, it also hides errors. `-S` makes the errors show up again.
2013-02-18 17:51:12 +01:00
Jordi Boggiano e348642aa7 Fix json manipulator handling of escaped backslashes, fixes #1588 2013-02-18 17:27:43 +01:00
Jordi Boggiano 1e15edc43d Fix repository test 2013-02-18 08:34:23 +01:00
Jordi Boggiano 4615ded35e Merge pull request #1592 from shama/faq-installers
Recommend actual version as constraint with installers.
2013-02-17 23:14:38 -08:00
Kyle Robinson Young 94a708cfc5 Recommend actual version as constraint with installers. Ref composer/installers#58. 2013-02-17 16:54:29 -08:00
Jordi Boggiano 940c2a079d Show failures more clearly in test setup 2013-02-16 00:15:18 +01:00
Jordi Boggiano 2e12993c9c Make selfupdate use ssl when possible 2013-02-15 23:55:20 +01:00
Jordi Boggiano d4fb7bd251 Substract 1char from the width to avoid blank lines in the output on windows 2013-02-15 14:23:08 +01:00
Jordi Boggiano 211ca0c826 Merge remote-tracking branch 'KingCrunch/pretty-show' 2013-02-15 14:19:35 +01:00
Jordi Boggiano c55c9e4e8d Use strtr instead of str_replace 2013-02-15 12:54:33 +01:00
Jordi Boggiano 79163023fc Merge remote-tracking branch 'johnstevenson/backslash-fix' 2013-02-15 12:53:50 +01:00
Sebastian Krebs b5c7d97e8c Pretty "show"-command 2013-02-15 12:17:39 +01:00
Eric Daspet a8a99cee24 Fix RepositorySecurityException class name 2013-02-15 09:52:31 +01:00
johnstevenson a2525c8fbe Replace backslashes in Window directories for config --list 2013-02-14 23:12:24 +00:00
Jordi Boggiano 625e174f76 Update deps & changelog format 2013-02-14 17:14:46 +01:00
Eric Daspet 59f8be3b92 Throw Exception on broken signature
This is related to issue #1562

With a fresh installation of Composer I had the following message:

> The contents of https://packagist.org/p/providers-latest.json do not
match its signature, this is most likely due to a temporary glitch but
could indicate a man-in-the-middle attack.
> Try running composer again and please report it if it still persists.

This was *probably* a temporary glitch, as the error did not appear
again, even after a full reinstallation of all packages.

*However* Composer had no way to differentiate a man-in-the-middle
attack and a temporary glitch. The installation / update did continue
despite the problem and files where installed / updates with no easy
rollback. These files may have been corrupted with malicious code and I
have no way to check they don't.

This is a *serious* security issue.

The code in [ComposerRepository line
434](https://github.com/composer/composer/blob/master/src/Composer/Repos
itory/ComposerRepository.php#L434) states

```php
// TODO throw SecurityException and abort once we are sure this can not
happen accidentally
````

Even if the broken signature may happen in accidentally in a standard
process, if it may be a security issue, we have to abort the procedure,
or at least ask for confirmation to the user. If it helps continuing
despite the temporary glitch, it may be possible to add a command line
switch like `--ignore-signature` to force the process to continue.

Proposed :
Send a RepositorySecurityException instead of the warning, even if this
may happen accidentally
2013-02-14 15:53:40 +01:00
Cliff Odijk 5127fe8359 added type check to autoloader fixes #1504 2013-02-14 00:10:18 +01:00
Jordi Boggiano 2b36f61596 Use full hash in version information of dev phars, fixes #1502 2013-02-13 14:32:50 +01:00
Jordi Boggiano 97dfbefa72 Add support for arbitrary values for the references in version constraints 2013-02-13 13:26:27 +01:00
Jordi Boggiano 80c18db694 Fix tests 2013-02-13 12:59:16 +01:00
Jordi Boggiano 17a5bdf162 Normalize github URLs generated by the GitHubDriver, fixes #1551 2013-02-13 12:55:14 +01:00
Jordi Boggiano 94e99b9c8b Update docs, config command and schema with all the config values 2013-02-12 11:16:52 +01:00
Jordi Boggiano 5165008be7 Merge remote-tracking branch 'pierredup/master' 2013-02-12 10:17:49 +01:00
Jordi Boggiano dd372e7635 Add explicit return 2013-02-12 10:14:44 +01:00
Jordi Boggiano 8ab5ef430a Merge remote-tracking branch 'bamarni/require-command-rollback' 2013-02-12 10:13:29 +01:00
Jordi Boggiano f98f093f7b Minor code reformatting and error message clarification 2013-02-11 22:55:14 +01:00
Jordi Boggiano 8bcb442d2b Merge remote-tracking branch 'romainneutron/zip-downloader' 2013-02-11 22:53:26 +01:00
Jordi Boggiano 1dd7700fc2 Capture output of the rm command 2013-02-11 22:52:06 +01:00
Jordi Boggiano 2d40e14985 Try twice to remove a directory on windows because sometimes it fails due to temporary locks 2013-02-11 22:51:24 +01:00
Gerry Vandermaesen 77290069a2 Added option to only show package names
Added the --name-only (-N) option to the show command to only list
package names (and exclude version and description).

This is useful to produce a list of package names to be parsed by
a shell script for example (bash completion comes to mind).
2013-02-11 16:13:43 +01:00
Gerry Vandermaesen 2552f4c65e Added option to only show available packages
Added the --available (-a) option to the show command to only list
the available packages, similar to the --installed and --platform
options.

Additionally changed the output formatting when limiting the
package result to remove the hierarchy when only one type is being
showed. This facilitates parsing of a list of packages (for example
for shell scripting and completion).
2013-02-11 16:05:13 +01:00
Jordi Boggiano 908d2d91da Fix case insensitive matching 2013-02-11 11:52:50 +01:00
Jordi Boggiano 432955e0ae Fix github url escaping, raw.github.com doesnt like escaped slashes 2013-02-11 09:34:50 +01:00
Pierre du Plessis 255c0be7fc Added tests for include path flag 2013-02-04 10:12:41 +02:00
Bilal Amarni ae9a001053 RequireCommand - check if composer.json is writable 2013-02-02 10:49:32 +01:00
Jordi Boggiano aa1c09380d Merge pull request #1544 from webfactory/issue_1499
Avoid unnecessary sorting changes in the composer.lock
2013-02-01 14:37:12 -08:00
Bilal Amarni 99e4173b3d RequireCommand - rollback if it fails (fixes #1469) 2013-02-01 10:24:05 +01:00
Romain Neutron 72d4bea89e Change strategy for ZipDownloader
Try to use unzip command-line before ZipArchive as this one does not correctly handle file permissions whereas unzip does.
2013-01-31 10:57:59 +01:00