Jordi Boggiano
c3db4614c9
Also remove credentials from cache dirs in git/svn drivers, fixes #7439, refs #9155
2020-08-27 10:19:23 +02:00
Jordi Boggiano
98862f5408
Merge pull request #9155 from Ayesh/hide-passwords-cache
...
Sanitize repo URLs to mask HTTP auth passwords from cache directory
2020-08-27 10:12:56 +02:00
Jordi Boggiano
9e77514764
Merge pull request #9156 from Ayesh/gitlab-repos
...
AuthHelper: Allow fall-through GitLab-specific HTTP headers for auth
2020-08-27 10:06:28 +02:00
Ayesh Karunaratne
931a1ff1f8
AuthHelper: Allow fall-through GitLab-specific HTTP headers for auth
...
Previously, `AuthHelper` consumed the authentication credentials for GitLab domains and added access tokens as GitLab-specific headers.
[Composer repositories now supported in GitLab](https://php.watch/articles/composer-gitlab-repositories) require standard Authorization headers with a personal access token to function, which failed to work due to our GitLab-specific headers.
With this commit, AuthHelper checks if the password is an access token, and falls through to HTTP basic authentication even if the domain name is a GitLab domain name.
2020-08-27 12:13:28 +07:00
Jordi Boggiano
42920e01d4
Merge pull request #9154 from quasilyte/patch-1
...
Util/Zip: fix strpos args order
2020-08-26 20:15:00 +02:00
Ayesh Karunaratne
87573aab27
Sanitize repo URLs to mask HTTP auth passwords from cache directory
...
When a Composer repository is cached, a directory name is generated to store package meta information fetched from that repository.
The cache directory can contain HTTP basic auth tokens, or access_token query parameters that end up in the directory name of the cache directory.
Discovered when trying out [GitLab composer repository feature](https://php.watch/articles/composer-gitlab-repositories), and the HTTP password was visible in a `composer update -vvv` command.
Using passwords/tokens in the URL is fundamentally a bad idea, but Composer already has `\Composer\Util\Url::sanitize()` that tries to mitigate such cases, and this same function is applied to the repo URL before deciding the name of the repo cache directory.
2020-08-26 23:01:00 +07:00
Iskander (Alex) Sharipov
dc1fd92b9b
Util/Zip: fix strpos args order
...
`strpos()` first argument is a haystack, not a needle.
`strpos('x', $s)` is identical to `$s === 'x'` which is probably not what we want here.
2020-08-26 17:23:10 +03:00
Jordi Boggiano
9a04ecefbf
Merge branch 'master' into filter-packages
2020-08-25 16:51:28 +02:00
Jordi Boggiano
f516d36f6f
Make sure Request::requireName can not be called twice for the same name
2020-08-25 15:37:28 +02:00
Jordi Boggiano
d645b3c45a
Merge pull request #9152 from Seldaek/readonly-cache
...
Add a readonly mode to the cache
2020-08-25 14:41:26 +02:00
Jordi Boggiano
90332f1dbd
Add a readonly mode to the cache, fixes #9150
2020-08-25 13:55:32 +02:00
Jordi Boggiano
875a4784ed
Reorg config class a little
2020-08-25 13:54:29 +02:00
Jordi Boggiano
6186c7f36f
Fix handling of root aliases in partial updates, fixes #9110
2020-08-25 11:05:28 +02:00
Jordi Boggiano
05e9fe936f
Merge branch '1.10'
2020-08-25 08:59:07 +02:00
Jordi Boggiano
b847c4dc3a
Validate licenses correctly even when proprietary is combined with some other license, fixes #9144
2020-08-25 08:58:43 +02:00
Jordi Boggiano
414c37a30c
Merge pull request #9146 from glaubinix/f/remotefilesystem-max-file-size
...
RemoteFilesystem: avoid warning when setting max file size
2020-08-25 08:55:12 +02:00
Stephan
d140a842fa
RemoteFilesystem: avoid warning when setting max file size
2020-08-24 13:53:07 +01:00
Jordi Boggiano
2bd1bd4194
Merge pull request #9142 from oleg-andreyev/fixing-error-message-for-higher-priority-repo
...
fixing error message for higher repository priority when it provides only a dev-branch
2020-08-23 16:52:55 +02:00
Jordi Boggiano
448daea696
Add support for detecting packages not matching only due to minimum stability
2020-08-23 16:48:07 +02:00
Jordi Boggiano
4d83783641
Fix test to avoid network usage
2020-08-23 16:03:00 +02:00
Jordi Boggiano
2646f09c2e
Update lock
2020-08-23 15:19:32 +02:00
Jordi Boggiano
e5ba99cf67
Merge branch '1.10'
2020-08-23 15:18:48 +02:00
Jordi Boggiano
45246aca22
Update deps, fixes #9125
2020-08-23 15:06:23 +02:00
Jordi Boggiano
9ea9d20b21
Merge pull request #9130 from glaubinix/t/max-file-size
...
Downloader: add a max_file_size option to prevent too big files to be downloaded
2020-08-23 13:37:12 +02:00
Stephan
a16f32484b
Downloader: add a max_file_size to prevent too big files to be downloaded
2020-08-22 19:37:42 +01:00
Oleg Andreyev
e745e59656
updated repositories-priorities4.test
2020-08-22 20:11:15 +03:00
Oleg Andreyev
f262feebec
fixing error message for higher repository priority, when higher repo has only a dev-branch
2020-08-22 20:07:13 +03:00
Jordi Boggiano
c5f6413142
Merge pull request #9124 from johnstevenson/deprecation
...
Fix openssl_free_key deprecation notice in PHP 8
2020-08-22 11:54:35 +02:00
Jordi Boggiano
38f49acfdd
Merge pull request #9133 from lstrojny/dev/check-inet-pton
...
Fix regression when inet_pton() does not exist
2020-08-18 16:52:45 +02:00
Lars Strojny
3e750b69f4
Fix name
2020-08-18 16:31:46 +02:00
Lars Strojny
a83588f568
The proper fix
2020-08-18 16:30:47 +02:00
Lars Strojny
99fd5c7b49
Add tests
2020-08-18 16:05:40 +02:00
Lars Strojny
4e06aa051a
Check if inet_pton() exists
2020-08-18 16:00:44 +02:00
Jordi Boggiano
4aaff4c4b4
Merge pull request #9131 from GrahamCampbell/actions
...
Actions tweaks
2020-08-18 11:41:34 +02:00
Graham Campbell
99d4b802fb
Bumped minimum phpstan versions
2020-08-18 10:23:26 +01:00
Graham Campbell
f5c2bdb783
Use latest cache action
2020-08-18 10:23:09 +01:00
johnstevenson
3be62a9fda
Fix openssl_free_key deprecation notice in PHP 8
2020-08-14 17:45:41 +01:00
Jordi Boggiano
0eebdcf2e6
Merge pull request #9122 from staabm/patch-2
...
phpstan natively sends github action formatted errors
2020-08-13 17:01:48 +02:00
Jordi Boggiano
00e268cdbf
Clear Intervals cache when we are done with it
2020-08-13 16:45:43 +02:00
Markus Staab
fdff3aeaba
emit github action formatted error messages (#9120)
2020-08-13 16:37:32 +02:00
Markus Staab
2279b6fdad
phpstan natively sends github action formatted errors
...
no need to use cs2pr for now
2020-08-13 15:57:39 +02:00
Jordi Boggiano
c845d66818
Lowercase ext- package names, refs #9093
2020-08-13 15:48:41 +02:00
Jordi Boggiano
4d20e6f5d6
Move Version util to Platform namespace, fix CS nitpicks, make regexes case insensitive for robustness, refs #9093
2020-08-13 15:48:41 +02:00
Jordi Boggiano
7e1ef19a5a
Expand library version checking capabilities (closes #9093)
2020-08-13 15:48:41 +02:00
Wissem Riahi
657ae5519e
Add support for TAR in Artifact packages (#9105)
2020-08-12 20:30:58 +02:00
Jordi Boggiano
ff757e649c
Use pool to match packages to avoid getting packages without ids, fixes #9094
2020-08-12 12:41:19 +02:00
Jordi Boggiano
826db3db5e
Used locked repo only if it is present
2020-08-12 11:11:37 +02:00
Jordi Boggiano
c0eb9834fe
Merge pull request #9116 from ryanaslett/patch-1
...
Update PathDownloader.php
2020-08-11 09:54:09 +02:00
Jordi Boggiano
51b1a752e3
Merge pull request #9098 from GrahamCampbell/patch-1
...
Use consistent phpdoc nullable syntax
2020-08-11 09:52:09 +02:00
Jordi Boggiano
70a56c73e3
Merge pull request #9115 from PrinsFrank/clarify-comitting-lock-file
...
Docs: Move note about not committing lock file to correct section.
2020-08-11 09:49:14 +02:00