1
0
Fork 0
Commit Graph

9800 Commits (706125fbbff1d7cde55687c8bb357b805068374b)

Author SHA1 Message Date
Brad Jones 706125fbbf
Update config section to note required scope for GitLab tokens 2020-08-27 20:05:04 -10:00
Jordi Boggiano f18d91bd58
Fix pre/post-package-install/update/uninstall events receiving a partial list of operations, fixes #9079 2020-08-27 11:25:43 +02:00
Jordi Boggiano c3db4614c9
Also remove credentials from cache dirs in git/svn drivers, fixes #7439, refs #9155 2020-08-27 10:19:23 +02:00
Jordi Boggiano 98862f5408
Merge pull request #9155 from Ayesh/hide-passwords-cache
Sanitize repo URLs to mask HTTP auth passwords from cache directory
2020-08-27 10:12:56 +02:00
Jordi Boggiano 9e77514764
Merge pull request #9156 from Ayesh/gitlab-repos
AuthHelper: Allow fall-through GitLab-specific HTTP headers for auth
2020-08-27 10:06:28 +02:00
Ayesh Karunaratne 931a1ff1f8
AuthHelper: Allow fall-through GitLab-specific HTTP headers for auth
Previously, `AuthHelper` consumed the authentication credentials for GitLab domains and added access tokens as GitLab-specific headers.
[Composer repositories now supported in GitLab](https://php.watch/articles/composer-gitlab-repositories) require standard Authorization headers with a personal access to function, which failed to work due to out GitLab-specific headers.

With this commit, AuthHelper checks if the password is an access token, and falls through to HTTP basic authentication even if the domain name is a GitLab domain name.
2020-08-27 12:13:28 +07:00
Jordi Boggiano 42920e01d4
Merge pull request #9154 from quasilyte/patch-1
Util/Zip: fix strpos args order
2020-08-26 20:15:00 +02:00
Ayesh Karunaratne 87573aab27
Sanitize repo URLs to mask HTTP auth passwords from cache directory
When a Composer repository is cached, a directory name is generated created stored package meta information fetched from that repository.
The cache directory can contain HTTP basic auth tokens, or access_token query parameters that end up in the directory name of the cache directory.

Discovered when trying out [GitLab composer repository feature](https://php.watch/articles/composer-gitlab-repositories), and the HTTP password was visible in a `composer update -vvv` command.

Using passwords/tokens in the URL is fundamentally a bad idea, but Composer already has `\Composer\Util\Url::sanitize()` that tries to mitigate such cases, and this same function is applied to the repo URL before deciding the name of the repo cache directory.
2020-08-26 23:01:00 +07:00
Iskander (Alex) Sharipov dc1fd92b9b
Util/Zip: fix strpos args order
`strpos()` first argument is a haystack, not a needle.

`strpos('x', $s)` is identical to `$s === 'x'` which is probably not what we want here.
2020-08-26 17:23:10 +03:00
Jordi Boggiano d645b3c45a
Merge pull request #9152 from Seldaek/readonly-cache
Add a readonly mode to the cache
2020-08-25 14:41:26 +02:00
Jordi Boggiano 90332f1dbd
Add a readonly mode to the cache, fixes #9150 2020-08-25 13:55:32 +02:00
Jordi Boggiano 875a4784ed
Reorg config class a little 2020-08-25 13:54:29 +02:00
Jordi Boggiano 6186c7f36f
Fix handling of root aliases in partial updates, fixes #9110 2020-08-25 11:05:28 +02:00
Jordi Boggiano 05e9fe936f
Merge branch '1.10' 2020-08-25 08:59:07 +02:00
Jordi Boggiano b847c4dc3a
Validate licenses correctly even when proprietary is combined with some other license, fixes #9144 2020-08-25 08:58:43 +02:00
Jordi Boggiano 414c37a30c
Merge pull request #9146 from glaubinix/f/remotefilesystem-max-file-size
RemoteFilesystem: avoid warning when setting max file size
2020-08-25 08:55:12 +02:00
Stephan d140a842fa RemoteFilesystem: avoid warning when setting max file size 2020-08-24 13:53:07 +01:00
Jordi Boggiano 2bd1bd4194
Merge pull request #9142 from oleg-andreyev/fixing-error-message-for-higher-priority-repo
fixing error message for higher repository priority when it provides only a dev-branch
2020-08-23 16:52:55 +02:00
Jordi Boggiano 448daea696
Add support for detecting packages not matching only due to minimum stability 2020-08-23 16:48:07 +02:00
Jordi Boggiano 4d83783641
Fix test to avoid network usage 2020-08-23 16:03:00 +02:00
Jordi Boggiano 2646f09c2e
Update lock 2020-08-23 15:19:32 +02:00
Jordi Boggiano e5ba99cf67
Merge branch '1.10' 2020-08-23 15:18:48 +02:00
Jordi Boggiano 45246aca22
Update deps, fixes #9125 2020-08-23 15:06:23 +02:00
Jordi Boggiano 9ea9d20b21
Merge pull request #9130 from glaubinix/t/max-file-size
Downloader: add a max_file_size option to prevent too big files to be downloaded
2020-08-23 13:37:12 +02:00
Stephan a16f32484b Downloader: add a max_file_size to prevent too big files to be downloaded 2020-08-22 19:37:42 +01:00
Oleg Andreyev e745e59656
updated repositories-priorities4.test 2020-08-22 20:11:15 +03:00
Oleg Andreyev f262feebec
fixing error message for higher repository priority, when higher repo has only a dev-branch 2020-08-22 20:07:13 +03:00
Jordi Boggiano c5f6413142
Merge pull request #9124 from johnstevenson/deprecation
Fix openssl_free_key deprecation notice in PHP 8
2020-08-22 11:54:35 +02:00
Jordi Boggiano 38f49acfdd
Merge pull request #9133 from lstrojny/dev/check-inet-pton
Fix regression when inet_pton() does not exist
2020-08-18 16:52:45 +02:00
Lars Strojny 3e750b69f4
Fix name 2020-08-18 16:31:46 +02:00
Lars Strojny a83588f568
The proper fix 2020-08-18 16:30:47 +02:00
Lars Strojny 99fd5c7b49
Add tests 2020-08-18 16:05:40 +02:00
Lars Strojny 4e06aa051a
Check if inet_pton() exists 2020-08-18 16:00:44 +02:00
Jordi Boggiano 4aaff4c4b4
Merge pull request #9131 from GrahamCampbell/actions
Actions tweaks
2020-08-18 11:41:34 +02:00
Graham Campbell 99d4b802fb Bumped minimum phpstan versions 2020-08-18 10:23:26 +01:00
Graham Campbell f5c2bdb783 Use latest cache action 2020-08-18 10:23:09 +01:00
johnstevenson 3be62a9fda Fix openssl_free_key deprecation notice in PHP 8 2020-08-14 17:45:41 +01:00
Jordi Boggiano 0eebdcf2e6
Merge pull request #9122 from staabm/patch-2
phpstan natively sends github action formatted errors
2020-08-13 17:01:48 +02:00
Markus Staab fdff3aeaba
emit github action formatted error messages (#9120) 2020-08-13 16:37:32 +02:00
Markus Staab 2279b6fdad
phpstan natively sends github action formatted errors
no need to use cs2pr for now
2020-08-13 15:57:39 +02:00
Jordi Boggiano c845d66818
Lowercase ext- package names, refs #9093 2020-08-13 15:48:41 +02:00
Jordi Boggiano 4d20e6f5d6
Move Version util to Platform namespace, fix CS nitpicks, make regexes case insensitive for robustness, refs #9093 2020-08-13 15:48:41 +02:00
Jordi Boggiano 7e1ef19a5a
Expand library version checking capabilities (closes #9093) 2020-08-13 15:48:41 +02:00
Wissem Riahi 657ae5519e
Add support for TAR in Artifact packages (#9105) 2020-08-12 20:30:58 +02:00
Jordi Boggiano ff757e649c
Use pool to match packages to avoid getting packages without ids, fixes #9094 2020-08-12 12:41:19 +02:00
Jordi Boggiano 826db3db5e
Used locked repo only if it is present 2020-08-12 11:11:37 +02:00
Jordi Boggiano c0eb9834fe
Merge pull request #9116 from ryanaslett/patch-1
Update PathDownloader.php
2020-08-11 09:54:09 +02:00
Jordi Boggiano 51b1a752e3
Merge pull request #9098 from GrahamCampbell/patch-1
Use consistent phpdoc nullable syntax
2020-08-11 09:52:09 +02:00
Jordi Boggiano 70a56c73e3
Merge pull request #9115 from PrinsFrank/clarify-comitting-lock-file
Docs: Move note about not committing lock file to correct section.
2020-08-11 09:49:14 +02:00
Jordi Boggiano 7649c8438d
Fix exception when using create-project in current directory, fixes #9073 2020-08-11 09:42:42 +02:00