// Return right away if check is disabled, or if the URL is malformed or custom (see issue #5173)
if (!$this->get('secure-http') || false === filter_var($url, FILTER_VALIDATE_URL)) {
return;
return;
}
}
// Parse the URL into its separate parts
// Extract scheme and throw exception on known insecure protocols
$parsed = parse_url($url);
$scheme = parse_url($url, PHP_URL_SCHEME);
if (false === $parsed || !isset($parsed['scheme'])) {
if (in_array($scheme, array('http', 'git', 'ftp', 'svn'))) {
// If the URL is malformed or does not contain a usable scheme it's not going to work anyway
return;
}
// Throw exception on known insecure protocols
if (in_array($parsed['scheme'], array('http', 'git', 'ftp', 'svn'))) {
throw new TransportException("Your configuration does not allow connections to $url. See https://getcomposer.org/doc/06-config.md#secure-http for details.");
throw new TransportException("Your configuration does not allow connections to $url. See https://getcomposer.org/doc/06-config.md#secure-http for details.");