Merge pull request #9155 from Ayesh/hide-passwords-cache

Sanitize repo URLs to mask HTTP auth passwords from cache directory
4 years ago · 98862f5408
parent 9e77514764 87573aab27
commit 98862f5408
1 changed files with 1 additions and 1 deletions
--- a/src/Composer/Repository/ComposerRepository.php
+++ b/src/Composer/Repository/ComposerRepository.php
@ -129,7 +129,7 @@ class ComposerRepository extends ArrayRepository implements ConfigurableReposito

        $this->baseUrl = rtrim(preg_replace('{(?:/[^/\\\\]+\.json)?(?:[?#].*)?$}', '', $this->url), '/');
        $this->io = $io;
-        $this->cache = new Cache($io, $config->get('cache-repo-dir').'/'.preg_replace('{[^a-z0-9.]}i', '-', $this->url), 'a-z0-9.$~');
+        $this->cache = new Cache($io, $config->get('cache-repo-dir').'/'.preg_replace('{[^a-z0-9.]}i', '-', Url::sanitize($this->url)), 'a-z0-9.$~');
        $this->cache->setReadOnly($config->get('cache-read-only'));
        $this->versionParser = new VersionParser();
        $this->loader = new ArrayLoader($this->versionParser);