From 05caf8349c1df9b37f556d0bacbe125bd75d72b2 Mon Sep 17 00:00:00 2001
From: Niels Keurentjes <niels.keurentjes@omines.com>
Date: Sat, 30 Jan 2016 01:13:37 +0100
Subject: [PATCH] Fixed bug potentially causing broken sites and solved #4431
 along the way.

---
 src/Composer/Downloader/PathDownloader.php | 24 ++++++++++++++--------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/src/Composer/Downloader/PathDownloader.php b/src/Composer/Downloader/PathDownloader.php
index 3ff47da8e..7de750db6 100644
--- a/src/Composer/Downloader/PathDownloader.php
+++ b/src/Composer/Downloader/PathDownloader.php
@@ -29,6 +29,21 @@ class PathDownloader extends FileDownloader
      */
     public function download(PackageInterface $package, $path)
     {
+        $url = $package->getDistUrl();
+        $realUrl = realpath($url);
+        if (false === $realUrl || !file_exists($realUrl) || !is_dir($realUrl)) {
+            throw new \RuntimeException(sprintf(
+                'Source path "%s" is not found for package %s', $url, $package->getName()
+            ));
+        }
+
+        if (strpos(realpath($path) . DIRECTORY_SEPARATOR, $realUrl . DIRECTORY_SEPARATOR) === 0) {
+            throw new \RuntimeException(sprintf(
+                'Package %s cannot install to "%s" inside its source at "%s"',
+                $package->getName(), realpath($path), $realUrl
+            ));
+        }
+
         $fileSystem = new Filesystem();
         $this->filesystem->removeDirectory($path);
 
@@ -38,15 +53,6 @@ class PathDownloader extends FileDownloader
             $package->getFullPrettyVersion()
         ));
 
-        $url = $package->getDistUrl();
-        $realUrl = realpath($url);
-        if (false === $realUrl || !file_exists($realUrl) || !is_dir($realUrl)) {
-            throw new \RuntimeException(sprintf(
-                'Path "%s" is not found',
-                $url
-            ));
-        }
-
         try {
             $shortestPath = $this->filesystem->findShortestPath($path, $realUrl);
             $fileSystem->symlink($shortestPath, $path);