public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code
6,469 Commits
3 Branches
210 Tags
54 MiB
Commit Graph

197 Commits (11daebcb3a5525bfd9f494c37e5e6e7c8e4fb0d6)

Author SHA1 Message Date
Jordi Boggiano 31dcc0bdea Merge branch '1.0' 2016-04-19 15:44:38 +01:00
Jordi Boggiano 1bf711fe1f Guard against mbstring func_overload, fixes #5218 2016-04-19 15:44:13 +01:00
David Zuelke d716c73333 fail download on content-length mismatch 2016-04-18 20:42:38 +01:00
Jordi Boggiano 765a958c42 Merge pull request #5137 from dzuelke/rfs_conlen 
Fail download on content-length mismatch
 2016-04-11 17:03:58 +01:00
Jordi Boggiano b1723644e0 Use extracted ca-bundle package 2016-04-11 16:33:29 +01:00
Jordi Boggiano e2056499cb Avoid open_basedir warnings on is_dir() calls when probing for CABundle 2016-04-11 08:45:25 +01:00
David Zuelke 5dd4d69a6d fail download on content-length mismatch 2016-04-01 01:36:05 +02:00
Niels Keurentjes 49524bc4ba Centralize secure-http checking 2016-03-28 22:01:32 +02:00
Jordi Boggiano 37a1e12672 Mark failed downloads as failed instead of 100% complete, fixes #5111 2016-03-27 17:14:51 +01:00
Jordi Boggiano 4cc719cab3 Add support for SSL_CERT_DIR and openssl.capath, fixes #5017 2016-03-07 13:07:02 +00:00
Jordi Boggiano e94066967c Add debugging info about proxy usage, refs #4332 2016-03-02 18:28:44 +00:00
Niels Keurentjes f794ee7870 Fixes for implicit variable declarations, return type mismatches and invalid method declarations. 2016-02-27 23:39:57 +01:00
Jordi Boggiano cb59cf0c85 Allow exception to secure-http for packagist provider files and add docs, refs #4907 2016-02-25 12:36:09 +00:00
cinamo b6b416111e Fixed http check 2016-02-11 14:46:38 +01:00
cinamo 4f5b4aff9c Undid CS changes 2016-02-11 14:29:37 +01:00
cinamo da44f46b9c Code style fixes 2016-02-11 14:17:45 +01:00
cinamo ef60478926 Added secure-http flag, defaults to true 2016-02-11 14:15:03 +01:00
Jordi Boggiano 09a6a19257 Avoid decoding gzip responses after a redirect, fixes #4897 2016-02-10 15:24:49 +00:00
Jordi Boggiano 49d7d65933 Add verbosity input support to IOInterface 2016-01-29 10:14:12 +00:00
Jordi Boggiano ae14e0f086 Add ssh2 protocol default ports, fixes #4835 2016-01-26 16:53:41 +00:00
Jordi Boggiano 1818b95149 CS fixes 2016-01-26 13:07:18 +00:00
Jordi Boggiano 5c944d45ac Merge pull request #4827 from curry684/issue-4203 
Added more graceful warning suppression utility
 2016-01-26 12:31:18 +00:00
Jordi Boggiano fff5074bbf Fix additionalOptions getting dropped when SAN and redirect handling are combined, refs #4782 2016-01-26 10:44:06 +00:00
Niels Keurentjes 76c1645a0e Merge remote-tracking branch 'upstream/master' into issue-4203 2016-01-25 23:38:13 +01:00
Niels Keurentjes 18cd4f966b Added silencer utility to more gracefully handle error suppression without hiding errors or worse. Fixes #4203, #4683 2016-01-25 23:37:54 +01:00
Jordi Boggiano bdb97e7527 Reuse new TlsHelper for CA validation, refs #4798 2016-01-25 19:17:56 +00:00
Jordi Boggiano 1ea810d40b Merge remote-tracking branch 'cs278/san-support' 2016-01-25 18:53:45 +00:00
Jordi Boggiano 78ffe0fd08 Avoid checking CA files several times 2016-01-25 18:34:52 +00:00
Jordi Boggiano 901e6f1d0e Fix output and handling of RFS::copy() and extract redirect code into its own method, refs #4783 2016-01-25 17:55:29 +00:00
Jordi Boggiano a574d5ef76 Merge remote-tracking branch 'cs278/follow-redirects' 2016-01-25 17:26:05 +00:00
Chris Smith b32aad8439 Do not set TLS options on local URLs 2016-01-24 19:10:11 +00:00
Chris Smith 74aa73e841 The origin may not be the remote host 2016-01-24 19:09:35 +00:00
Chris Smith 304c268c3b Tidy up and general improvement of sAN handling code 
* Move OpenSSL functions into a new TlsHelper class
* Add error when sAN certificate cannot be verified due to
  CVE-2013-6420
* Throw exception if PHP >= 5.6 manages to use fallback code
* Add support for wildcards in CN/sAN
* Add tests for cert name validation
* Check for backported security fix for CVE-2013-6420 using
  testcase from PHP tests.
* Whitelist some disto PHP versions that have the CVE-2013-6420
  fix backported.
 2016-01-24 19:02:50 +00:00
Chris Smith 7e2a015e9b Provide support for subjectAltName on PHP < 5.6 2016-01-24 19:02:29 +00:00
Rob Bast d6be2a693b switch to array-replace-recursive 2016-01-22 14:27:08 +01:00
Rob Bast 2393222826 more appropriate name 2016-01-22 09:20:43 +01:00
Rob Bast 474541e9aa apply comments 
- add capath to json schema
- simplify factory
- hash_file and sha256 for CA checking
- remove exception as scenario should not occur
- remove executable bit from CA file
- make CA file also group/world writable (we overwrite invalid content anyway)
    to avoid permission errors as much as possible
 2016-01-22 09:14:37 +01:00
Chris Smith 33f823146b Account for ports in URL 2016-01-22 01:48:16 +00:00
Chris Smith 34f1fcbdcb Drop downgrade warning 2016-01-22 01:47:05 +00:00
Rob Bast c232566e52 add a hash to make sure CA file gets recreated if the content changes 2016-01-21 16:02:44 +01:00
Rob Bast cef97904d0 dont rewrite temp CA file if it already exists 
and make it readable by everyone the first time we create it
 2016-01-21 15:07:51 +01:00
Rob Bast 4482a1dca0 also wrong array 2016-01-20 21:53:49 +01:00
Rob Bast f79255df29 make sure passed options are merged into defaults before checking 2016-01-20 21:35:06 +01:00
Rob Bast 94947ee772 merge isset() calls 2016-01-20 21:29:55 +01:00
Rob Bast b95b0c2ab6 wrong array 2016-01-20 21:27:26 +01:00
Rob Bast 008cce8d85 add back sanity checks 2016-01-20 21:24:13 +01:00
Rob Bast c1488f65bf a quick stab at adding capath 2016-01-20 21:20:18 +01:00
Chris Smith dd3216e93d Refactor to use new helper methods for headers 2016-01-19 22:19:17 +00:00
Chris Smith 8a8ec6fccc Too many redirects is not an error in PHP, return the latest response 2016-01-19 22:06:38 +00:00
Chris Smith 33471e389f Pass redirect count using options 
Removing the risk it might be preserved between requests.
 2016-01-19 22:06:27 +00:00