* Validates that the passed URL is allowed to be used by current config, or throws an exception.
*
* @param string $url
*/
public function prohibitUrlByConfig($url)
{
if (!$this->get('secure-http')) {
return;
}
// Parse the URL into its separate parts
$parsed = parse_url($url);
if (false === $parsed || !isset($parsed['scheme'])) {
// If the URL is malformed or does not contain a usable scheme it's not going to work anyway
return;
}
// Throw exception on known insecure protocols
if (in_array($parsed['scheme'], array('http', 'git', 'ftp', 'svn'))) {
throw new TransportException("Your configuration does not allow connections to $url. See https://getcomposer.org/doc/06-config.md#secure-http for details.");
@ -89,13 +91,6 @@ class HgDownloader extends VcsDownloader
return $output;
}
protected function checkSecureHttp($url)
{
if (preg_match('{^http:}i', $url) && $this->config->get('secure-http')) {
throw new TransportException("Your configuration does not allow connection to $url. See https://getcomposer.org/doc/06-config.md#secure-http for details.");
throw new \RuntimeException('Can not clone '.$this->url.' to access package information. The "'.$cacheDir.'" directory is not writable by the current user.');
}
if (preg_match('{^http:}i', $this->url) && $this->config->get('secure-http')) {
throw new TransportException("Your configuration does not allow connection to $url. See https://getcomposer.org/doc/06-config.md#secure-http for details.");
}
// Ensure we are allowed to use this URL by config
$this->config->prohibitUrlByConfig($this->url);
// update the repo if it is a valid hg repository
if (is_dir($this->repoDir) && 0 === $this->process->execute('hg summary', $output, $this->repoDir)) {
public function runCommand($commandCallable, $url, $cwd, $initialClone = false)
{
if (preg_match('{^(http|git):}i', $url) && $this->config->get('secure-http')) {
throw new TransportException("Your configuration does not allow connection to $url. See https://getcomposer.org/doc/06-config.md#secure-http for details.");
}
// Ensure we are allowed to use this URL by config
public function execute($command, $url, $cwd = null, $path = null, $verbose = false)
{
if (preg_match('{^(http|svn):}i', $url) && $this->config->get('secure-http')) {
throw new TransportException("Your configuration does not allow connection to $url. See https://getcomposer.org/doc/06-config.md#secure-http for details.");
}
// Ensure we are allowed to use this URL by config