10a7008fdf
Trim query string from extension when downloading archives
2013-03-21 15:30:00 +01:00
61efd2998c
Clear stat cache after calling filesystem commands
2013-03-21 15:21:54 +01:00
7e4ca7638c
Remove support for deprecated lock format
2013-03-17 19:50:56 +01:00
d929a0813a
Prepend the ClassLoader autoloader to avoid calling other previously registered autoloaders, fixes #1699
2013-03-16 16:14:55 +01:00
979db8539d
Do not chdir unless necessary
2013-03-15 15:21:22 +01:00
57fe33d0f3
Make sure the directory is empty even if weird inputs are given, fixes #1683
2013-03-11 14:02:49 +01:00
c13d6301f9
Merge pull request #1681 from beberlei/GH-1591#2
...
[GH-1591] More fixing of Installation on Windows Azure. Renaming between...
2013-03-11 02:21:10 -07:00
0d06eb1f9a
Avoid overwriting existing windows .bat proxies if they were provided by the package
2013-03-11 10:13:45 +01:00
d81740ab7d
Fix authorization/authentication merge, fixes #1684
2013-03-11 10:04:45 +01:00
882ce1b39f
[GH-1591] More fixing of Installation on Windows Azure. Renaming between different partitions + xcopy fail, so we need to copyAndRemove() manually.
2013-03-10 20:17:00 +01:00
ee60df708d
Handle stability changes correctly, fixes #877
...
On update, packages that are less stable than the minimum-stability allows will
now be downgraded to their correct versions, even if they were installed as
unstable already.
2013-03-10 19:55:26 +01:00
c9f0e458a2
Merge remote-tracking branch 'machee/gitUserPassNonGithub'
...
Conflicts:
src/Composer/Downloader/GitDownloader.php
2013-03-10 14:47:36 +01:00
1071048e52
Merge remote-tracking branch 'miklosm/iss1675.2'
2013-03-10 13:59:53 +01:00
c6bdf6ca11
Merge remote-tracking branch 'miklosm/iss1675.1'
2013-03-10 13:59:21 +01:00
7ae0dd2a2a
Always install dev requirements when using the require command, fixes #1676
2013-03-10 13:44:54 +01:00
41392ace56
Check that a repo has no providers when getPackages is called to catch any mis-use
2013-03-10 13:40:54 +01:00
be861f090a
Remove filterPackages and add RepositoryInterface::search, refactor all commands to use new methods and remove all usage of the full package list for Composer repositories that support providers, fixes #1646
2013-03-10 13:40:52 +01:00
095852933e
Remove code duplication, add support for searchUrl
2013-03-10 13:40:50 +01:00
661df121d9
Proposed fix for #1675
2013-03-08 16:06:53 +01:00
42346ad837
Fix for ordering problem during package removal resulting dangling symlinks, partially fixes #1675
2013-03-08 15:31:00 +01:00
655dc5f2e8
Fixed CS
2013-03-07 11:42:47 +01:00
8534ab1dad
Fixed potential undefined index in ArrayLoader.php
...
A source without a reference is invalid.
2013-03-07 09:55:23 +01:00
87a42c2f01
Fix CS
2013-03-06 23:10:03 +01:00
95a6be2396
Merge remote-tracking branch 'mnishihan/master'
2013-03-06 23:08:36 +01:00
60204f9227
Fake a dev lock when a non-dev update is made and there are actually no dev requirements
2013-03-06 22:20:03 +01:00
834f0b49e5
Improved error messages in ArrayLoader
...
Added package name to exception message when an error occurred in source or dist keys
2013-03-06 18:08:55 +01:00
b474944155
Add more output to the profiled runs, refs #1659
2013-03-05 15:21:54 +01:00
72a4146383
Scratch 'prefer-source'; 'preferred-install' is the bee's knees
2013-03-05 12:56:09 +01:00
9110c6413e
Minor code reorg to reduce duplication
2013-03-04 20:35:29 +01:00
0d81ab7f46
Install/update now uses the new config variable 'prefer-source', fixes #553
2013-03-04 20:29:14 +01:00
0f8530ef56
Support for 'prefer-source' config setting, refs #553
2013-03-04 20:27:59 +01:00
0535473c6b
Merge pull request #1655 from miklosm/iss1653
...
Fix for #1653
2013-03-04 08:24:25 -08:00
a32aa1a305
Fix BC handling of old require-dev, refs #1656
2013-03-04 17:11:13 +01:00
40c9584746
Fixes #1653
2013-03-04 16:33:53 +01:00
373ff04261
Fetch only non-dev packages from lock if doing a dev update fails due to a previously incomplete lock file, fixes #1650
2013-03-04 12:30:59 +01:00
2db6fa1d50
Merge branch 'issue1611'
2013-03-04 09:56:43 +01:00
c95127b80e
Merge pull request #1644 from Seldaek/newdevrequires
...
New require-dev handling
2013-03-04 00:56:12 -08:00
ea7d79ab03
Make sure platform requirements of the root package are enforced when installing from lock, fixes #1611
2013-03-03 20:05:46 +01:00
06026d6b93
Add @deprecated note
2013-03-03 17:59:13 +01:00
67e5e0588d
Fixes #1347 (new license argument / dialog for init command)
2013-03-03 07:06:29 +01:00
73adf29602
Purge old dev packages before installing/updating new ones to make sure people do not have issues updating
2013-03-03 02:04:11 +01:00
542d10d8fd
Remove all occurrences of getLocalDevRepository and getLocalRepositories calls
2013-03-03 01:54:14 +01:00
caf26ac37c
Enable dev mode by default in update command, add a --no-dev flag, fixes #1005
2013-03-03 00:42:22 +01:00
4207fc3b19
Refactor require-dev handling to use one single repository and a one pass solving, fixes #719 , fixes #1185 , fixes #1330 , fixes #789 , fixes #640
2013-03-03 00:41:12 +01:00
357f0572d1
Only print ignoring warning when a package is not installed and not required by the root package, fixes #1642
2013-03-02 20:18:38 +01:00
ab206580f5
Merge remote-tracking branch 'christianjul/master'
2013-03-02 00:05:04 +01:00
2a23f8c48b
Allow create-project to be called in an empty dir that exists, fixes #1135 , replaces #1206
2013-03-02 00:01:01 +01:00
f06c0cb580
Code reorgs and make bool values real booleans, refs #1637
2013-03-01 23:47:24 +01:00
8eb71f5478
Merge remote-tracking branch 'ricardclau/dirty-updates'
2013-03-01 23:35:37 +01:00
b04dbf5d71
Outout message when trying to update non-installed packages
2013-03-01 14:39:33 +01:00
2a2bb6aad6
remove unnecessary else
2013-03-01 10:22:12 +01:00
56f4625ec8
check first if there are changes
2013-02-28 19:44:29 +01:00
48ac383599
initial steps with new config value, implementation of discard changes for git and svn
2013-02-28 19:02:19 +01:00
ed590de8dd
typo
...
I see, that exist a typo error.
2013-02-28 16:56:26 +01:00
c29f3c698e
Fix support of aliases combined with reference locked packages, fixes #1631
2013-02-28 10:51:21 +01:00
e3f06582e4
Clean up archive downloader, fixes #1630
2013-02-27 19:15:40 +01:00
1c468e7c02
Fix cs
2013-02-27 17:35:53 +01:00
821f57f443
A bug in PHP prevents the headers from correctly beeing sent when a content-type header is present and
...
NOT at the end of the array
https://bugs.php.net/bug.php?id=61548
This updates fixes the array by moving the content-type header to the end
2013-02-27 17:07:13 +01:00
9f961dca92
Guard against arrays being passed to is_file, fixes #1627
2013-02-27 15:45:04 +01:00
259a25344d
Use the api to get file contents instead of raw.github.com
...
raw.github does not like the access_token query param
2013-02-27 14:10:28 +01:00
5454645cf3
Merge pull request #1625 from jappie/master
...
Fixed the "access_token query param" (5b1f314
2013-02-27 04:36:27 -08:00
573b7a0fb7
Only downgrade providers but not the notification url
2013-02-27 13:32:21 +01:00
88ae6c023b
Extract archives into temp dir to shorten paths and avoid issues on windows, fixes #1591
2013-02-27 13:31:55 +01:00
4347cb7a55
Fixed the "access_token query param" ( 5b1f314) fix
2013-02-27 13:23:59 +01:00
f69418427f
Add lib-ICU platform package
2013-02-27 13:11:35 +01:00
5b1f3145c2
Update the way github authorization is handled, fixes #1632
...
Since api.github.com redirects to s3 for downloads and s3 does not like Authorization
headers, we have to rely on the access_token query param. Otherwise php follows redirects
but still sends the Authorization header to all following requests.
2013-02-27 12:34:18 +01:00
15e9c3d101
Show proper error message when a git bitbucket repo is loaded as hg repo, refs composer/packagist#294
2013-02-27 10:54:19 +01:00
a783727227
adding use statement
2013-02-25 15:55:37 +00:00
0ba335730e
Specific schema validation failure messages (fixes issue #1616 )
2013-02-25 15:34:31 +00:00
914a4b32e4
removing incorrect optimization
2013-02-25 09:15:25 +00:00
c6c521bfae
optimizing loops
2013-02-25 08:55:26 +00:00
e43d0b5a5b
Allow for "proprietary" as license identifier
2013-02-24 18:33:06 +01:00
8d55b9cced
Merge remote-tracking branch 'ronnylt/script-event-post-dump-autoload'
...
Conflicts:
tests/Composer/Test/Autoload/AutoloadGeneratorTest.php
2013-02-22 18:42:29 +01:00
cee34b4faa
Add the include_paths.php autoload file to the phar when it is present
2013-02-21 18:53:39 +01:00
d4c9a9004a
Add support for the hashed provider includes
2013-02-21 18:51:22 +01:00
2c4c5dd764
Fail hard only after 3 failed attempts
2013-02-21 18:18:04 +01:00
c7ed20e9d8
Fix minor issues in json code
2013-02-21 17:58:23 +01:00
b750e70f5f
Abort execution when a RepositorySecurityException is thrown
2013-02-21 17:41:38 +01:00
995dc40130
Make packagist downgrade out of ssl after fetching the main file, since the other files can be verified via sha256
2013-02-21 17:37:18 +01:00
211b69b38b
Adjust exception message
2013-02-21 17:07:53 +01:00
b59489f6ae
Merge remote-tracking branch 'edas/exception-on-broken-signature'
2013-02-21 17:04:41 +01:00
9521d1e7ad
Make use of new hashed provider filenames, fixes #1431 , refs composer/packagist#283
2013-02-21 16:50:04 +01:00
27898c4c31
Suppress errors from mkdir calls that are checked for failure
2013-02-20 14:51:15 +01:00
0525297ff5
Always move time to the end of the package spec in the lock file, fixes #1498
2013-02-20 13:27:45 +01:00
b7cd971b06
Merge pull request #1598 from fabpot/package-time-fix
...
fixed time parsing when the composer.lock file has an old time format
2013-02-20 01:01:38 -08:00
ab4e3fbf86
fixed time parsing when the composer.lock file has an old time format
2013-02-19 19:42:59 +01:00
5a484cb3a9
Make sure target-dir plays well with classmap and files autoload, for root and deps, refs #1550
2013-02-19 15:23:43 +01:00
ab1256e135
Merge remote-tracking branch 'cmodijk/master'
2013-02-19 14:21:31 +01:00
518253e150
Show proper repo information and not always the default ones
2013-02-19 11:54:20 +01:00
8ac4b649c3
Merge remote-tracking branch 'gerryvdm/master'
...
Conflicts:
src/Composer/Command/ShowCommand.php
2013-02-19 11:42:15 +01:00
c1a4e5d43b
Add curl -sS everywhere
2013-02-18 17:56:13 +01:00
e348642aa7
Fix json manipulator handling of escaped backslashes, fixes #1588
2013-02-18 17:27:43 +01:00
2e12993c9c
Make selfupdate use ssl when possible
2013-02-15 23:55:20 +01:00
d4fb7bd251
Substract 1char from the width to avoid blank lines in the output on windows
2013-02-15 14:23:08 +01:00
211ca0c826
Merge remote-tracking branch 'KingCrunch/pretty-show'
2013-02-15 14:19:35 +01:00
c55c9e4e8d
Use strtr instead of str_replace
2013-02-15 12:54:33 +01:00
b5c7d97e8c
Pretty "show"-command
2013-02-15 12:17:39 +01:00
a8a99cee24
Fix RepositorySecurityException class name
2013-02-15 09:52:31 +01:00
a2525c8fbe
Replace backslashes in Window directories for config --list
2013-02-14 23:12:24 +00:00
59f8be3b92
Throw Exception on broken signature
...
This is related to issue #1562
With a fresh installation of Composer I had the following message:
> The contents of https://packagist.org/p/providers-latest.json do not
match its signature, this is most likely due to a temporary glitch but
could indicate a man-in-the-middle attack.
> Try running composer again and please report it if it still persists.
This was *probably* a temporary glitch, as the error did not appear
again, even after a full reinstallation of all packages.
*However* Composer had no way to differentiate a man-in-the-middle
attack and a temporary glitch. The installation / update did continue
despite the problem and files where installed / updates with no easy
rollback. These files may have been corrupted with malicious code and I
have no way to check they don't.
This is a *serious* security issue.
The code in [ComposerRepository line
434](https://github.com/composer/composer/blob/master/src/Composer/Repos
itory/ComposerRepository.php#L434) states
```php
// TODO throw SecurityException and abort once we are sure this can not
happen accidentally
````
Even if the broken signature may happen in accidentally in a standard
process, if it may be a security issue, we have to abort the procedure,
or at least ask for confirmation to the user. If it helps continuing
despite the temporary glitch, it may be possible to add a command line
switch like `--ignore-signature` to force the process to continue.
Proposed :
Send a RepositorySecurityException instead of the warning, even if this
may happen accidentally
2013-02-14 15:53:40 +01:00
Jordi Boggiano