Fix access_token param being incorrectly added on github requests after a redirection, fixes #5099

8 years ago · 3ac822d5e2
parent 143db7a9f5
commit 3ac822d5e2
1 changed files with 4 additions and 1 deletions
--- a/src/Composer/Util/RemoteFilesystem.php
+++ b/src/Composer/Util/RemoteFilesystem.php
@ -233,7 +233,10 @@ class RemoteFilesystem
        $origFileUrl = $fileUrl;

        if (isset($options['github-token'])) {
-            $fileUrl .= (false === strpos($fileUrl, '?') ? '?' : '&') . 'access_token='.$options['github-token'];
+            // only add the access_token if it is actually a github URL (in case we were redirected to S3)
+            if (preg_match('{^https?://([a-z0-9-]+\.)*github\.com/}', $fileUrl)) {
+                $fileUrl .= (false === strpos($fileUrl, '?') ? '?' : '&') . 'access_token='.$options['github-token'];
+            }
            unset($options['github-token']);
        }