public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code
9,792 Commits
3 Branches
206 Tags
52 MiB
PHP 100%
 
Go to file
Ayesh Karunaratne 87573aab27
Sanitize repo URLs to mask HTTP auth passwords from cache directory 
When a Composer repository is cached, a directory name is generated created stored package meta information fetched from that repository.
The cache directory can contain HTTP basic auth tokens, or access_token query parameters that end up in the directory name of the cache directory.

Discovered when trying out [GitLab composer repository feature](https://php.watch/articles/composer-gitlab-repositories), and the HTTP password was visible in a `composer update -vvv` command.

Using passwords/tokens in the URL is fundamentally a bad idea, but Composer already has `\Composer\Util\Url::sanitize()` that tries to mitigate such cases, and this same function is applied to the repo URL before deciding the name of the repo cache directory.
 		2020-08-26 23:01:00 +07:00
.github Bumped minimum phpstan versions 2020-08-18 10:23:26 +01:00
bin Fix: Xdebug vs xdebug 2019-11-03 14:08:14 +01:00
doc Add a readonly mode to the cache, fixes #9150 2020-08-25 13:55:32 +02:00
phpstan ZipArchive issues fixed in phpstan it seems 2020-06-22 10:54:38 +02:00
res Add a readonly mode to the cache, fixes #9150 2020-08-25 13:55:32 +02:00
src Sanitize repo URLs to mask HTTP auth passwords from cache directory 2020-08-26 23:01:00 +07:00
tests Fix handling of root aliases in partial updates, fixes #9110 2020-08-25 11:05:28 +02:00
.editorconfig Enhancement: Add .editorconfig 2019-01-03 10:49:27 +01:00
.gitattributes Update HTTP URLs to their HTTPS if they already redirect automatically 2020-04-13 06:22:02 +07:00
.gitignore Add PHPCSFixer config 2015-04-15 01:22:20 +01:00
.php_cs Uses config data from Composer object whenever possible on ArchiveCommand 2020-02-10 13:15:58 -02:00
CHANGELOG.md Merge branch '1.10' 2020-08-03 11:49:48 +02:00
CODE_OF_CONDUCT.md Add coc file to appease the github UI 2020-04-23 11:14:08 +02:00
LICENSE lets avoid silly commits in the future 2017-01-19 12:10:26 +01:00
PORTING_INFO Import initial partial port of the libzypp satsolver. 2011-04-05 17:37:19 +02:00
README.md fix: workflow status badge (#8825) 2020-04-22 14:56:39 +02:00
UPGRADE-2.0.md Update UPGRADE-2.0.md 2020-08-03 12:55:15 +02:00
composer.json Allow php8 for Composer 2 2020-06-05 10:39:56 +02:00
composer.lock Update lock 2020-08-23 15:19:32 +02:00
phpunit.xml.dist Build tweaks 2020-05-20 16:20:54 +02:00

README.md

Composer - Dependency Management for PHP

Composer helps you declare, manage, and install dependencies of PHP projects.

See https://getcomposer.org/ for more information and documentation.

Continuous Integration

Installation / Usage

Download and install Composer by following the official instructions.

For usage, see the documentation.

Packages

Find packages on Packagist.

Community

IRC channels are on irc.freenode.org: #composer for users and #composer-dev for development.

For support, Stack Overflow also offers a good collection of Composer related questions.

Please note that this project is released with a Contributor Code of Conduct. By participating in this project and its community you agree to abide by those terms.

Requirements

PHP 5.3.2 or above (at least 5.3.4 recommended to avoid potential bugs)

Authors

See also the list of contributors who participated in this project.

Security Reports

Please send any sensitive issue to security@packagist.org. Thanks!

License

Composer is licensed under the MIT License - see the LICENSE file for details

Acknowledgments