2098 Commits (7b549010d59a45fcdda1cd1e6b6aed9843b6ee4e)

Author SHA1 Message Date
Jordi Boggiano e3f06582e4 Clean up archive downloader, fixes #1630 12 years ago
Jordi Boggiano 1c468e7c02 Fix cs 12 years ago
Markus Tacker 821f57f443 A bug in PHP prevents the headers from correctly being sent when a content-type header is present and
NOT at the end of the array

https://bugs.php.net/bug.php?id=61548

This update fixes the array by moving the content-type header to the end
12 years ago
Jordi Boggiano 9f961dca92 Guard against arrays being passed to is_file, fixes #1627 12 years ago
Jordi Boggiano 259a25344d Use the api to get file contents instead of raw.github.com
raw.github does not like the access_token query param
12 years ago
Jordi Boggiano 5454645cf3 Merge pull request #1625 from jappie/master
Fixed the "access_token query param" (5b1f314) fix
12 years ago
Jordi Boggiano 573b7a0fb7 Only downgrade providers but not the notification url 12 years ago
Jordi Boggiano 88ae6c023b Extract archives into temp dir to shorten paths and avoid issues on windows, fixes #1591 12 years ago
Jasper N. Brouwer 4347cb7a55 Fixed the "access_token query param" (5b1f314) fix 12 years ago
Jordi Boggiano f69418427f Add lib-ICU platform package 12 years ago
Jordi Boggiano 5b1f3145c2 Update the way github authorization is handled, fixes #1632
Since api.github.com redirects to s3 for downloads and s3 does not like Authorization
headers, we have to rely on the access_token query param. Otherwise php follows redirects
but still sends the Authorization header to all following requests.
12 years ago
Jordi Boggiano 15e9c3d101 Show proper error message when a git bitbucket repo is loaded as hg repo, refs composer/packagist#294 12 years ago
Shane Auckland a783727227 adding use statement 12 years ago
Shane Auckland 0ba335730e Specific schema validation failure messages (fixes issue #1616) 12 years ago
Shane Auckland 914a4b32e4 removing incorrect optimization 12 years ago
Shane Auckland c6c521bfae optimizing loops 12 years ago
Jordi Boggiano e43d0b5a5b Allow for "proprietary" as license identifier 12 years ago
Jordi Boggiano 8d55b9cced Merge remote-tracking branch 'ronnylt/script-event-post-dump-autoload'
Conflicts:
	tests/Composer/Test/Autoload/AutoloadGeneratorTest.php
12 years ago
Jordi Boggiano cee34b4faa Add the include_paths.php autoload file to the phar when it is present 12 years ago
Jordi Boggiano d4c9a9004a Add support for the hashed provider includes 12 years ago
Jordi Boggiano 2c4c5dd764 Fail hard only after 3 failed attempts 12 years ago
Jordi Boggiano c7ed20e9d8 Fix minor issues in json code 12 years ago
Jordi Boggiano b750e70f5f Abort execution when a RepositorySecurityException is thrown 12 years ago
Jordi Boggiano 995dc40130 Make packagist downgrade out of ssl after fetching the main file, since the other files can be verified via sha256 12 years ago
Jordi Boggiano 211b69b38b Adjust exception message 12 years ago
Jordi Boggiano b59489f6ae Merge remote-tracking branch 'edas/exception-on-broken-signature' 12 years ago
Jordi Boggiano 9521d1e7ad Make use of new hashed provider filenames, fixes #1431, refs composer/packagist#283 12 years ago
Jordi Boggiano 27898c4c31 Suppress errors from mkdir calls that are checked for failure 12 years ago
Jordi Boggiano 0525297ff5 Always move time to the end of the package spec in the lock file, fixes #1498 12 years ago
Jordi Boggiano b7cd971b06 Merge pull request #1598 from fabpot/package-time-fix
fixed time parsing when the composer.lock file has an old time format
12 years ago
Fabien Potencier ab4e3fbf86 fixed time parsing when the composer.lock file has an old time format 12 years ago
Jordi Boggiano 5a484cb3a9 Make sure target-dir plays well with classmap and files autoload, for root and deps, refs #1550 12 years ago
Jordi Boggiano ab1256e135 Merge remote-tracking branch 'cmodijk/master' 12 years ago
Jordi Boggiano 518253e150 Show proper repo information and not always the default ones 12 years ago
Jordi Boggiano 8ac4b649c3 Merge remote-tracking branch 'gerryvdm/master'
Conflicts:
	src/Composer/Command/ShowCommand.php
12 years ago
Jordi Boggiano e348642aa7 Fix json manipulator handling of escaped backslashes, fixes #1588 12 years ago
Jordi Boggiano 2e12993c9c Make selfupdate use ssl when possible 12 years ago
Jordi Boggiano d4fb7bd251 Subtract 1 char from the width to avoid blank lines in the output on windows 12 years ago
Jordi Boggiano 211ca0c826 Merge remote-tracking branch 'KingCrunch/pretty-show' 12 years ago
Jordi Boggiano c55c9e4e8d Use strtr instead of str_replace 12 years ago
Sebastian Krebs b5c7d97e8c Pretty "show"-command 12 years ago
Eric Daspet a8a99cee24 Fix RepositorySecurityException class name 12 years ago
johnstevenson a2525c8fbe Replace backslashes in Window directories for config --list 12 years ago
Eric Daspet 59f8be3b92 Throw Exception on broken signature
This is related to issue #1562

With a fresh installation of Composer I had the following message:

> The contents of https://packagist.org/p/providers-latest.json do not
match its signature, this is most likely due to a temporary glitch but
could indicate a man-in-the-middle attack.
> Try running composer again and please report it if it still persists.

This was *probably* a temporary glitch, as the error did not appear
again, even after a full reinstallation of all packages.

*However* Composer had no way to differentiate a man-in-the-middle
attack and a temporary glitch. The installation / update did continue
despite the problem and files were installed / updated with no easy
rollback. These files may have been corrupted with malicious code and I
have no way to check they don't.

This is a *serious* security issue.

The code in [ComposerRepository line 434](https://github.com/composer/composer/blob/master/src/Composer/Repository/ComposerRepository.php#L434) states

```php
// TODO throw SecurityException and abort once we are sure this can not happen accidentally
```

Even if the broken signature may happen accidentally in a standard
process, if it may be a security issue, we have to abort the procedure,
or at least ask the user for confirmation. If it helps continuing
despite the temporary glitch, it may be possible to add a command line
switch like `--ignore-signature` to force the process to continue.

Proposed:
Send a RepositorySecurityException instead of the warning, even if this
may happen accidentally
12 years ago
Cliff Odijk 5127fe8359 added type check to autoloader fixes #1504 12 years ago
Jordi Boggiano 2b36f61596 Use full hash in version information of dev phars, fixes #1502 12 years ago
Jordi Boggiano 97dfbefa72 Add support for arbitrary values for the references in version constraints 12 years ago
Jordi Boggiano 17a5bdf162 Normalize github URLs generated by the GitHubDriver, fixes #1551 12 years ago
Jordi Boggiano 94e99b9c8b Update docs, config command and schema with all the config values 12 years ago
Jordi Boggiano 5165008be7 Merge remote-tracking branch 'pierredup/master' 12 years ago
Jordi Boggiano dd372e7635 Add explicit return 12 years ago
Jordi Boggiano 8ab5ef430a Merge remote-tracking branch 'bamarni/require-command-rollback' 12 years ago
Jordi Boggiano f98f093f7b Minor code reformatting and error message clarification 12 years ago
Jordi Boggiano 8bcb442d2b Merge remote-tracking branch 'romainneutron/zip-downloader' 12 years ago
Jordi Boggiano 1dd7700fc2 Capture output of the rm command 12 years ago
Jordi Boggiano 2d40e14985 Try twice to remove a directory on windows because sometimes it fails due to temporary locks 12 years ago
Gerry Vandermaesen 77290069a2 Added option to only show package names
Added the --name-only (-N) option to the show command to only list
package names (and exclude version and description).

This is useful to produce a list of package names to be parsed by
a shell script for example (bash completion comes to mind).
12 years ago
Gerry Vandermaesen 2552f4c65e Added option to only show available packages
Added the --available (-a) option to the show command to only list
the available packages, similar to the --installed and --platform
options.

Additionally changed the output formatting when limiting the
package result to remove the hierarchy when only one type is being
showed. This facilitates parsing of a list of packages (for example
for shell scripting and completion).
12 years ago
Jordi Boggiano 908d2d91da Fix case insensitive matching 12 years ago
Jordi Boggiano 432955e0ae Fix github url escaping, raw.github.com doesn't like escaped slashes 12 years ago
Bilal Amarni ae9a001053 RequireCommand - check if composer.json is writable 12 years ago
Bilal Amarni 99e4173b3d RequireCommand - rollback if it fails (fixes #1469) 12 years ago
Romain Neutron 72d4bea89e Change strategy for ZipDownloader
Try to use unzip command-line before ZipArchive as this one does not correctly handle file permissions whereas unzip does.
12 years ago
perprogramming 9219e1ab0a Simplify ordering of links (there cannot be multiple links to the same target) 12 years ago
perprogramming 704837c574 - Sort links and keywords in ArrayDumper result (fixes issue #1499)
- Adapt ArrayDumperTest
12 years ago
Jordi Boggiano 3b2accfb58 Merge pull request #1543 from Slamdunk/minor/mt-rand
Switch rand() to mt_rand()
12 years ago
Jordi Boggiano 49c839d780 Fix cache blasting on nix 12 years ago
Filippo Tessarotto 470adc47df Switched rand() to mt_rand() 12 years ago
johnstevenson ff1cf15cb4 Fix unlink(folder) failure on Windows using removeDirectory() 12 years ago
Jordi Boggiano 46f5c53521 Merge pull request #1530 from pborreli/typos
Fixed typos
12 years ago
David Weinraub 86defea407 Modify punctuation for outdated dependency message in installer 12 years ago
Pascal Borreli 46bbf83778 Fixed typos 12 years ago
Jordi Boggiano 5a4c720535 Add another missing use statement, fixes #1521 12 years ago
Jordi Boggiano 1539c54a1d Merge pull request #1523 from deguif/master
Moved setter for repository before getter in BasePackage class
12 years ago
Jordi Boggiano 958ffd8e8b Add missing use statement, fixes #1521 12 years ago
deguif 3c21dc1499 Moved setter before getter and added @inheritDoc 12 years ago
Jordi Boggiano 8904888a74 Add php-64bit package if the php version has 64bit ints, fixes #1506, fixes #1511 12 years ago
Jordi Boggiano 5bac9ffaaa Merge remote-tracking branch 'xrstf/mercurial-support' 12 years ago
deguif 1b5229dc04 Fixed phpdoc 12 years ago
Christoph c84d3d5937 replicate the git behaviour to resolve a feature's version for mercurial 12 years ago
Christoph d84484b49d added hg support for Package\Locker 12 years ago
Christoph c7c55915f8 do not output the xcopy summary 12 years ago
Jordi Boggiano e33aebc75d Fix cs 12 years ago
Jordi Boggiano 1bd01a8b0b Merge remote-tracking branch 'joeholdcroft/autoload-namespace-prepend' 12 years ago
Joe Holdcroft 7d5e4f76fb Bug fix & changing loop + array_unshift to array_merge 12 years ago
Jordi Boggiano a7c950cddd Add support for github-oauth in config command 12 years ago
M N Islam Shihan 41e91f3064 Fixed an issue when a phar file is used in "files" option in composer.json 12 years ago
Pierre du Plessis 91ca7d7493 Make use-include-path default to false 12 years ago
Pierre du Plessis 84b34b70e0 Add config option to set if the PHP include path should automatically be used when generating the autoloader 12 years ago
Jordi Boggiano dea4bdf8f0 Expand {} into a new line before manipulating json, fixes #1481 12 years ago
Jordi Boggiano cea4c05021 Fix parsing of ~ version constraint with unstable versions, fixes #1476 12 years ago
Igor Wiedler 24611ec919 Add newline because JsonManipulator does not expand {} 12 years ago
Igor Wiedler a48675005b Implicitly create composer.json in require command
This allows shortening install instructions if you do not want to use init
(because it is interactive) and you do not want to use create-project (there
is no skeleton, or you do not want to use a skeleton).
12 years ago
Jordi Boggiano a18db058d5 Fix typo 12 years ago
Jordi Boggiano ee1691f799 Also try authenticating on github for 403 responses 12 years ago
Ronny López f627c3c603 Make Event devMode argument optional (false by default). 12 years ago
Ronny López e5cbf83185 Added post-autoload-dump script event. 12 years ago
Jordi Boggiano b51a4a7854 Improve depends output, fixes #1459 12 years ago
Jordi Boggiano c80cb76b9b Always prepend autoloaders to avoid tools (i.e. phpunit) taking precedence over the project autoloader 12 years ago
Jordi Boggiano 1356021cb9 Remove installation-source from lock file, fixes #1464 12 years ago