1
0
Fork 0
Commit Graph

6465 Commits (c3db4614c9d5ddd26a83cf8db05a6828ec168f9d)

Author SHA1 Message Date
Jordi Boggiano c3db4614c9
Also remove credentials from cache dirs in git/svn drivers, fixes #7439, refs #9155 2020-08-27 10:19:23 +02:00
Jordi Boggiano 98862f5408
Merge pull request #9155 from Ayesh/hide-passwords-cache
Sanitize repo URLs to mask HTTP auth passwords from cache directory
2020-08-27 10:12:56 +02:00
Jordi Boggiano 9e77514764
Merge pull request #9156 from Ayesh/gitlab-repos
AuthHelper: Allow fall-through GitLab-specific HTTP headers for auth
2020-08-27 10:06:28 +02:00
Ayesh Karunaratne 931a1ff1f8
AuthHelper: Allow fall-through GitLab-specific HTTP headers for auth
Previously, `AuthHelper` consumed the authentication credentials for GitLab domains and added access tokens as GitLab-specific headers.
[Composer repositories now supported in GitLab](https://php.watch/articles/composer-gitlab-repositories) require standard Authorization headers with a personal access to function, which failed to work due to out GitLab-specific headers.

With this commit, AuthHelper checks if the password is an access token, and falls through to HTTP basic authentication even if the domain name is a GitLab domain name.
2020-08-27 12:13:28 +07:00
Ayesh Karunaratne 87573aab27
Sanitize repo URLs to mask HTTP auth passwords from cache directory
When a Composer repository is cached, a directory name is generated created stored package meta information fetched from that repository.
The cache directory can contain HTTP basic auth tokens, or access_token query parameters that end up in the directory name of the cache directory.

Discovered when trying out [GitLab composer repository feature](https://php.watch/articles/composer-gitlab-repositories), and the HTTP password was visible in a `composer update -vvv` command.

Using passwords/tokens in the URL is fundamentally a bad idea, but Composer already has `\Composer\Util\Url::sanitize()` that tries to mitigate such cases, and this same function is applied to the repo URL before deciding the name of the repo cache directory.
2020-08-26 23:01:00 +07:00
Iskander (Alex) Sharipov dc1fd92b9b
Util/Zip: fix strpos args order
`strpos()` first argument is a haystack, not a needle.

`strpos('x', $s)` is identical to `$s === 'x'` which is probably not what we want here.
2020-08-26 17:23:10 +03:00
Jordi Boggiano 90332f1dbd
Add a readonly mode to the cache, fixes #9150 2020-08-25 13:55:32 +02:00
Jordi Boggiano 875a4784ed
Reorg config class a little 2020-08-25 13:54:29 +02:00
Jordi Boggiano 6186c7f36f
Fix handling of root aliases in partial updates, fixes #9110 2020-08-25 11:05:28 +02:00
Jordi Boggiano 05e9fe936f
Merge branch '1.10' 2020-08-25 08:59:07 +02:00
Jordi Boggiano b847c4dc3a
Validate licenses correctly even when proprietary is combined with some other license, fixes #9144 2020-08-25 08:58:43 +02:00
Stephan d140a842fa RemoteFilesystem: avoid warning when setting max file size 2020-08-24 13:53:07 +01:00
Jordi Boggiano 2bd1bd4194
Merge pull request #9142 from oleg-andreyev/fixing-error-message-for-higher-priority-repo
fixing error message for higher repository priority when it provides only a dev-branch
2020-08-23 16:52:55 +02:00
Jordi Boggiano 448daea696
Add support for detecting packages not matching only due to minimum stability 2020-08-23 16:48:07 +02:00
Jordi Boggiano e5ba99cf67
Merge branch '1.10' 2020-08-23 15:18:48 +02:00
Jordi Boggiano 9ea9d20b21
Merge pull request #9130 from glaubinix/t/max-file-size
Downloader: add a max_file_size option to prevent too big files to be downloaded
2020-08-23 13:37:12 +02:00
Stephan a16f32484b Downloader: add a max_file_size to prevent too big files to be downloaded 2020-08-22 19:37:42 +01:00
Oleg Andreyev f262feebec
fixing error message for higher repository priority, when higher repo has only a dev-branch 2020-08-22 20:07:13 +03:00
Lars Strojny a83588f568
The proper fix 2020-08-18 16:30:47 +02:00
Lars Strojny 4e06aa051a
Check if inet_pton() exists 2020-08-18 16:00:44 +02:00
johnstevenson 3be62a9fda Fix openssl_free_key deprecation notice in PHP 8 2020-08-14 17:45:41 +01:00
Markus Staab fdff3aeaba
emit github action formatted error messages (#9120) 2020-08-13 16:37:32 +02:00
Jordi Boggiano c845d66818
Lowercase ext- package names, refs #9093 2020-08-13 15:48:41 +02:00
Jordi Boggiano 4d20e6f5d6
Move Version util to Platform namespace, fix CS nitpicks, make regexes case insensitive for robustness, refs #9093 2020-08-13 15:48:41 +02:00
Jordi Boggiano 7e1ef19a5a
Expand library version checking capabilities (closes #9093) 2020-08-13 15:48:41 +02:00
Wissem Riahi 657ae5519e
Add support for TAR in Artifact packages (#9105) 2020-08-12 20:30:58 +02:00
Jordi Boggiano ff757e649c
Use pool to match packages to avoid getting packages without ids, fixes #9094 2020-08-12 12:41:19 +02:00
Jordi Boggiano 826db3db5e
Used locked repo only if it is present 2020-08-12 11:11:37 +02:00
Jordi Boggiano c0eb9834fe
Merge pull request #9116 from ryanaslett/patch-1
Update PathDownloader.php
2020-08-11 09:54:09 +02:00
Jordi Boggiano 51b1a752e3
Merge pull request #9098 from GrahamCampbell/patch-1
Use consistent phpdoc nullable syntax
2020-08-11 09:52:09 +02:00
Jordi Boggiano 7649c8438d
Fix exception when using create-project in current directory, fixes #9073 2020-08-11 09:42:42 +02:00
Ryan Aslett c0309f22d7
Update PathDownloader.php
If a path repository points at a directory that is managed by composer installers, the path that gets set ends up being relative, and this check fails to see that the source is already present, and therefore removes it.

Since ->install is already using realpath around the $path argument, remove should as well.

For an example repository that demonstrates this bug See: https://github.com/ryanaslett/pathrepotestcase
2020-08-10 12:51:48 -07:00
Graham Campbell 019febb5fa
Use consistent phpdoc nullable syntax 2020-08-02 15:10:54 +01:00
Jordi Boggiano 2d3905157d
Merge branch '1.10' 2020-07-30 21:06:51 +02:00
Jordi Boggiano 00f712a7c4
Revert "Allow specifying a version requirement for CLDR" 2020-07-30 21:00:43 +02:00
Jordi Boggiano 387e828993
Promote next major version when running stable self-update, and prevent self-update from automatically upgrading to the next major release 2020-07-30 16:32:29 +02:00
Jordi Boggiano 5bd61ac55c
Cache versions data to avoid redownloading it twice during self-update 2020-07-30 16:32:29 +02:00
Jordi Boggiano 7028d0ce27
Merge pull request #9077 from glaubinix/f/api-data-detection
Driver: only cache composer.json file without API data to disk
2020-07-30 15:32:10 +02:00
Jordi Boggiano daae46e1e0
Merge pull request #9085 from lstrojny/lib-cldr
Allow specifying a version requirement for CLDR
2020-07-30 14:53:46 +02:00
Jordi Boggiano 12d6759888
Fail hard instead of skipping branches/tags quietly when parsing VCS repos if 401/403 are returned, fixes #9087 2020-07-30 14:38:49 +02:00
Jordi Boggiano 7bcde1481d
Fix git downloader syntax for windows cmd when updating packages, fixes #9089 2020-07-30 14:38:48 +02:00
Jordi Boggiano 79813b2f77
Fix detection of git refs to be more strict 2020-07-30 14:38:48 +02:00
Lars Strojny 5a02ea6a96
Check that class exists 2020-07-30 14:29:48 +02:00
Lars Strojny 404dea61c2
Allow specifying a version requirement for the relevant CLDR 2020-07-29 19:32:53 +02:00
Stephan b25296ef74 Driver: only cache composer.json file without API data to disk 2020-07-27 13:26:57 +01:00
Tyson Andre e5c7835d57 Properly support PHP 8.0 Named Arguments
See https://wiki.php.net/rfc/named_params#internal_functions
(implemented but not yet merged)

An ArgumentCountError will be thrown when passing variadic arguments to
a function with call_user_func_array() if extra unknown named arguments
are encountered.

Fatal error: Uncaught ArgumentCountError: array_merge() does not accept unknown named parameters in phar:///path/to/composer.phar/src/Composer/DependencyResolver/DefaultPolicy.php:84

(e.g. for `['phpunit/phpunit' => [72]]`)
2020-07-26 15:28:47 -04:00
Andreas Möller ac055e5718
Fix: Reference 2020-07-21 23:25:05 +02:00
Jordi Boggiano d8fa746433
Merge pull request #9058 from Seldaek/zip-cleanup
Clean up Zip Util to be more strict about what is a valid package archive
2020-07-21 17:17:12 +02:00
Wissem Riahi c353ac835c
Add exception for multiple composer.json files (#3) 2020-07-21 17:10:26 +02:00
Markus Staab 4e1dd4bfdf
added phpdocs in StreamContextFactory 2020-07-20 20:49:00 +02:00