public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code
2,996 Commits
3 Branches
209 Tags
54 MiB
Commit Graph

2053 Commits (98ada572ec52875dfa70e0cb9851dd5f8a34f006)

Author SHA1 Message Date
Daniel González ed590de8dd typo 
I see, that exist a typo error.
 2013-02-28 16:56:26 +01:00
Jordi Boggiano c29f3c698e Fix support of aliases combined with reference locked packages, fixes #1631 2013-02-28 10:51:21 +01:00
Jordi Boggiano e3f06582e4 Clean up archive downloader, fixes #1630 2013-02-27 19:15:40 +01:00
Jordi Boggiano 1c468e7c02 Fix cs 2013-02-27 17:35:53 +01:00
Markus Tacker 821f57f443 A bug in PHP prevents the headers from correctly beeing sent when a content-type header is present and 
NOT at the end of the array

https://bugs.php.net/bug.php?id=61548

This updates fixes the array by moving the content-type header to the end
 2013-02-27 17:07:13 +01:00
Jordi Boggiano 9f961dca92 Guard against arrays being passed to is_file, fixes #1627 2013-02-27 15:45:04 +01:00
Jordi Boggiano 259a25344d Use the api to get file contents instead of raw.github.com 
raw.github does not like the access_token query param
 2013-02-27 14:10:28 +01:00
Jordi Boggiano 5454645cf3 Merge pull request #1625 from jappie/master 
Fixed the "access_token query param" (5b1f314) fix
 2013-02-27 04:36:27 -08:00
Jordi Boggiano 573b7a0fb7 Only downgrade providers but not the notification url 2013-02-27 13:32:21 +01:00
Jordi Boggiano 88ae6c023b Extract archives into temp dir to shorten paths and avoid issues on windows, fixes #1591 2013-02-27 13:31:55 +01:00
Jasper N. Brouwer 4347cb7a55 Fixed the "access_token query param" (5b1f314) fix 2013-02-27 13:23:59 +01:00
Jordi Boggiano f69418427f Add lib-ICU platform package 2013-02-27 13:11:35 +01:00
Jordi Boggiano 5b1f3145c2 Update the way github authorization is handled, fixes #1632 
Since api.github.com redirects to s3 for downloads and s3 does not like Authorization
headers, we have to rely on the access_token query param. Otherwise php follows redirects
but still sends the Authorization header to all following requests.
 2013-02-27 12:34:18 +01:00
Jordi Boggiano 15e9c3d101 Show proper error message when a git bitbucket repo is loaded as hg repo, refs composer/packagist#294 2013-02-27 10:54:19 +01:00
Shane Auckland a783727227 adding use statement 2013-02-25 15:55:37 +00:00
Shane Auckland 0ba335730e Specific schema validation failure messages (fixes issue #1616) 2013-02-25 15:34:31 +00:00
Shane Auckland 914a4b32e4 removing incorrect optimization 2013-02-25 09:15:25 +00:00
Shane Auckland c6c521bfae optimizing loops 2013-02-25 08:55:26 +00:00
Jordi Boggiano e43d0b5a5b Allow for "proprietary" as license identifier 2013-02-24 18:33:06 +01:00
Jordi Boggiano 8d55b9cced Merge remote-tracking branch 'ronnylt/script-event-post-dump-autoload' 
Conflicts:
	tests/Composer/Test/Autoload/AutoloadGeneratorTest.php
 2013-02-22 18:42:29 +01:00
Jordi Boggiano cee34b4faa Add the include_paths.php autoload file to the phar when it is present 2013-02-21 18:53:39 +01:00
Jordi Boggiano d4c9a9004a Add support for the hashed provider includes 2013-02-21 18:51:22 +01:00
Jordi Boggiano 2c4c5dd764 Fail hard only after 3 failed attempts 2013-02-21 18:18:04 +01:00
Jordi Boggiano c7ed20e9d8 Fix minor issues in json code 2013-02-21 17:58:23 +01:00
Jordi Boggiano b750e70f5f Abort execution when a RepositorySecurityException is thrown 2013-02-21 17:41:38 +01:00
Jordi Boggiano 995dc40130 Make packagist downgrade out of ssl after fetching the main file, since the other files can be verified via sha256 2013-02-21 17:37:18 +01:00
Jordi Boggiano 211b69b38b Adjust exception message 2013-02-21 17:07:53 +01:00
Jordi Boggiano b59489f6ae Merge remote-tracking branch 'edas/exception-on-broken-signature' 2013-02-21 17:04:41 +01:00
Jordi Boggiano 9521d1e7ad Make use of new hashed provider filenames, fixes #1431, refs composer/packagist#283 2013-02-21 16:50:04 +01:00
Jordi Boggiano 27898c4c31 Suppress errors from mkdir calls that are checked for failure 2013-02-20 14:51:15 +01:00
Jordi Boggiano 0525297ff5 Always move time to the end of the package spec in the lock file, fixes #1498 2013-02-20 13:27:45 +01:00
Jordi Boggiano b7cd971b06 Merge pull request #1598 from fabpot/package-time-fix 
fixed time parsing when the composer.lock file has an old time format
 2013-02-20 01:01:38 -08:00
Fabien Potencier ab4e3fbf86 fixed time parsing when the composer.lock file has an old time format 2013-02-19 19:42:59 +01:00
Jordi Boggiano 5a484cb3a9 Make sure target-dir plays well with classmap and files autoload, for root and deps, refs #1550 2013-02-19 15:23:43 +01:00
Jordi Boggiano ab1256e135 Merge remote-tracking branch 'cmodijk/master' 2013-02-19 14:21:31 +01:00
Jordi Boggiano 518253e150 Show proper repo information and not always the default ones 2013-02-19 11:54:20 +01:00
Jordi Boggiano 8ac4b649c3 Merge remote-tracking branch 'gerryvdm/master' 
Conflicts:
	src/Composer/Command/ShowCommand.php
 2013-02-19 11:42:15 +01:00
Igor Wiedler c1a4e5d43b Add curl -sS everywhere 2013-02-18 17:56:13 +01:00
Jordi Boggiano e348642aa7 Fix json manipulator handling of escaped backslashes, fixes #1588 2013-02-18 17:27:43 +01:00
Jordi Boggiano 2e12993c9c Make selfupdate use ssl when possible 2013-02-15 23:55:20 +01:00
Jordi Boggiano d4fb7bd251 Substract 1char from the width to avoid blank lines in the output on windows 2013-02-15 14:23:08 +01:00
Jordi Boggiano 211ca0c826 Merge remote-tracking branch 'KingCrunch/pretty-show' 2013-02-15 14:19:35 +01:00
Jordi Boggiano c55c9e4e8d Use strtr instead of str_replace 2013-02-15 12:54:33 +01:00
Sebastian Krebs b5c7d97e8c Pretty "show"-command 2013-02-15 12:17:39 +01:00
Eric Daspet a8a99cee24 Fix RepositorySecurityException class name 2013-02-15 09:52:31 +01:00
johnstevenson a2525c8fbe Replace backslashes in Window directories for config --list 2013-02-14 23:12:24 +00:00
Eric Daspet 59f8be3b92 Throw Exception on broken signature 
This is related to issue #1562

With a fresh installation of Composer I had the following message:

> The contents of https://packagist.org/p/providers-latest.json do not
match its signature, this is most likely due to a temporary glitch but
could indicate a man-in-the-middle attack.
> Try running composer again and please report it if it still persists.

This was *probably* a temporary glitch, as the error did not appear
again, even after a full reinstallation of all packages.

*However* Composer had no way to differentiate a man-in-the-middle
attack and a temporary glitch. The installation / update did continue
despite the problem and files where installed / updates with no easy
rollback. These files may have been corrupted with malicious code and I
have no way to check they don't.

This is a *serious* security issue.

The code in [ComposerRepository line
434](https://github.com/composer/composer/blob/master/src/Composer/Repos
itory/ComposerRepository.php#L434) states

```php
// TODO throw SecurityException and abort once we are sure this can not
happen accidentally
````

Even if the broken signature may happen in accidentally in a standard
process, if it may be a security issue, we have to abort the procedure,
or at least ask for confirmation to the user. If it helps continuing
despite the temporary glitch, it may be possible to add a command line
switch like `--ignore-signature` to force the process to continue.

Proposed :
Send a RepositorySecurityException instead of the warning, even if this
may happen accidentally
 2013-02-14 15:53:40 +01:00
Cliff Odijk 5127fe8359 added type check to autoloader fixes #1504 2013-02-14 00:10:18 +01:00
Jordi Boggiano 2b36f61596 Use full hash in version information of dev phars, fixes #1502 2013-02-13 14:32:50 +01:00
Jordi Boggiano 97dfbefa72 Add support for arbitrary values for the references in version constraints 2013-02-13 13:26:27 +01:00