98862f5408
Merge pull request #9155 from Ayesh/hide-passwords-cache
...
Sanitize repo URLs to mask HTTP auth passwords from cache directory
4 years ago
9e77514764
Merge pull request #9156 from Ayesh/gitlab-repos
...
AuthHelper: Allow fall-through GitLab-specific HTTP headers for auth
4 years ago
931a1ff1f8
AuthHelper: Allow fall-through GitLab-specific HTTP headers for auth
...
Previously, `AuthHelper` consumed the authentication credentials for GitLab domains and added access tokens as GitLab-specific headers.
[Composer repositories now supported in GitLab](https://php.watch/articles/composer-gitlab-repositories ) require standard Authorization headers with a personal access to function, which failed to work due to out GitLab-specific headers.
With this commit, AuthHelper checks if the password is an access token, and falls through to HTTP basic authentication even if the domain name is a GitLab domain name.
4 years ago
42920e01d4
Merge pull request #9154 from quasilyte/patch-1
...
Util/Zip: fix strpos args order
4 years ago
87573aab27
Sanitize repo URLs to mask HTTP auth passwords from cache directory
...
When a Composer repository is cached, a directory name is generated created stored package meta information fetched from that repository.
The cache directory can contain HTTP basic auth tokens, or access_token query parameters that end up in the directory name of the cache directory.
Discovered when trying out [GitLab composer repository feature](https://php.watch/articles/composer-gitlab-repositories ), and the HTTP password was visible in a `composer update -vvv` command.
Using passwords/tokens in the URL is fundamentally a bad idea, but Composer already has `\Composer\Util\Url::sanitize()` that tries to mitigate such cases, and this same function is applied to the repo URL before deciding the name of the repo cache directory.
4 years ago
dc1fd92b9b
Util/Zip: fix strpos args order
...
`strpos()` first argument is a haystack, not a needle.
`strpos('x', $s)` is identical to `$s === 'x'` which is probably not what we want here.
4 years ago
9a04ecefbf
Merge branch 'master' into filter-packages
4 years ago
f516d36f6f
Make sure Request::requireName can not be called twice for the same name
4 years ago
d645b3c45a
Merge pull request #9152 from Seldaek/readonly-cache
...
Add a readonly mode to the cache
4 years ago
90332f1dbd
Add a readonly mode to the cache, fixes #9150
4 years ago
875a4784ed
Reorg config class a little
4 years ago
6186c7f36f
Fix handling of root aliases in partial updates, fixes #9110
4 years ago
05e9fe936f
Merge branch '1.10'
4 years ago
b847c4dc3a
Validate licenses correctly even when proprietary is combined with some other license, fixes #9144
4 years ago
414c37a30c
Merge pull request #9146 from glaubinix/f/remotefilesystem-max-file-size
...
RemoteFilesystem: avoid warning when setting max file size
4 years ago
d140a842fa
RemoteFilesystem: avoid warning when setting max file size
4 years ago
2bd1bd4194
Merge pull request #9142 from oleg-andreyev/fixing-error-message-for-higher-priority-repo
...
fixing error message for higher repository priority when it provides only a dev-branch
4 years ago
448daea696
Add support for detecting packages not matching only due to minimum stability
4 years ago
4d83783641
Fix test to avoid network usage
4 years ago
2646f09c2e
Update lock
4 years ago
e5ba99cf67
Merge branch '1.10'
4 years ago
45246aca22
Update deps, fixes #9125
4 years ago
9ea9d20b21
Merge pull request #9130 from glaubinix/t/max-file-size
...
Downloader: add a max_file_size option to prevent too big files to be downloaded
4 years ago
a16f32484b
Downloader: add a max_file_size to prevent too big files to be downloaded
4 years ago
e745e59656
updated repositories-priorities4.test
4 years ago
f262feebec
fixing error message for higher repository priority, when higher repo has only a dev-branch
4 years ago
c5f6413142
Merge pull request #9124 from johnstevenson/deprecation
...
Fix openssl_free_key deprecation notice in PHP 8
4 years ago
38f49acfdd
Merge pull request #9133 from lstrojny/dev/check-inet-pton
...
Fix regression when inet_pton() does not exist
4 years ago
3e750b69f4
Fix name
4 years ago
a83588f568
The proper fix
4 years ago
99fd5c7b49
Add tests
4 years ago
4e06aa051a
Check if inet_pton() exists
4 years ago
4aaff4c4b4
Merge pull request #9131 from GrahamCampbell/actions
...
Actions tweaks
4 years ago
99d4b802fb
Bumped minimum phpstan versions
4 years ago
f5c2bdb783
Use latest cache action
4 years ago
3be62a9fda
Fix openssl_free_key deprecation notice in PHP 8
4 years ago
0eebdcf2e6
Merge pull request #9122 from staabm/patch-2
...
phpstan natively sends github action formatted errors
4 years ago
00e268cdbf
Clear Intervals cache when we are done with it
4 years ago
fdff3aeaba
emit github action formatted error messages ( #9120 )
4 years ago
2279b6fdad
phpstan natively sends github action formatted errors
...
no need to use cs2pr for now
4 years ago
c845d66818
Lowercase ext- package names, refs #9093
4 years ago
4d20e6f5d6
Move Version util to Platform namespace, fix CS nitpicks, make regexes case insensitive for robustness, refs #9093
4 years ago
7e1ef19a5a
Expand library version checking capabilities ( closes #9093 )
4 years ago
657ae5519e
Add support for TAR in Artifact packages ( #9105 )
4 years ago
ff757e649c
Use pool to match packages to avoid getting packages without ids, fixes #9094
4 years ago
826db3db5e
Used locked repo only if it is present
4 years ago
c0eb9834fe
Merge pull request #9116 from ryanaslett/patch-1
...
Update PathDownloader.php
4 years ago
51b1a752e3
Merge pull request #9098 from GrahamCampbell/patch-1
...
Use consistent phpdoc nullable syntax
4 years ago
70a56c73e3
Merge pull request #9115 from PrinsFrank/clarify-comitting-lock-file
...
Docs: Move note about not committing lock file to correct section.
4 years ago
7649c8438d
Fix exception when using create-project in current directory, fixes #9073
4 years ago
Jordi Boggiano
Ayesh Karunaratne
Iskander (Alex) Sharipov
Stephan
Oleg Andreyev
Lars Strojny
Graham Campbell
johnstevenson
Markus Staab
Markus Staab
Wissem Riahi