
added a way to disable custom installers

Johannes M. Schmitt vor 12 Jahren
Ursprung
Commit
88a1f27798

+ 18 - 7
src/Composer/Command/CreateProjectCommand.php

@@ -47,7 +47,8 @@ class CreateProjectCommand extends Command
                 new InputArgument('version', InputArgument::OPTIONAL, 'Version, will defaults to latest'),
                 new InputOption('prefer-source', null, InputOption::VALUE_NONE, 'Forces installation from package sources when possible, including VCS information.'),
                 new InputOption('repository-url', null, InputOption::VALUE_REQUIRED, 'Pick a different repository url to look for the package.'),
-                new InputOption('dev', null, InputOption::VALUE_NONE, 'Whether to install dependencies for development.')
+                new InputOption('dev', null, InputOption::VALUE_NONE, 'Whether to install dependencies for development.'),
+                new InputOption('disable-custom-installers', null, InputOption::VALUE_NONE, 'Whether to disable custom installers.'),
             ))
             ->setHelp(<<<EOT
 The <info>create-project</info> command creates a new project from a given
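Review bot: The help text on the new `disable-custom-installers` `InputOption` line restates the flag name and does not say why anyone would set it. Going by the docblock this commit adds in Installer.php, the purpose is to keep installer code shipped by packages from running, so say that: `'Disables custom installers, so installer code shipped by packages is not loaded or run.'`. The `setHelp` heredoc that begins at the end of this hunk continues outside it; a sentence about the option there would help as well.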
@@ -79,11 +80,12 @@ EOT
             $input->getArgument('version'),
             $input->getOption('prefer-source'),
             $input->getOption('dev'),
-            $input->getOption('repository-url')
+            $input->getOption('repository-url'),
+            $input->getOption('disable-custom-installers')
         );
     }
 
-    public function installProject(IOInterface $io, $packageName, $directory = null, $version = null, $preferSource = false, $installDevPackages = false, $repositoryUrl = null)
+    public function installProject(IOInterface $io, $packageName, $directory = null, $version = null, $preferSource = false, $installDevPackages = false, $repositoryUrl = null, $disableCustomInstallers = false)
     {
         $dm = $this->createDownloadManager($io);
         if ($preferSource) {
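Review bot: `installProject()` is public, has no docblock, and now takes eight positional arguments, three of them boolean flags, so a call such as `installProject($io, $name, null, null, false, false, null, true)` is easy to get wrong for a security-relevant switch. Add a docblock that includes `@param bool $disableCustomInstallers when true, custom installers are removed before the dependency install runs`. The method body continues outside this hunk.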
@@ -120,6 +122,11 @@ EOT
         }
 
         $io->write('<info>Installing ' . $package->getName() . ' (' . VersionParser::formatVersion($package, false) . ')</info>', true);
+
+        if ($disableCustomInstallers) {
+            $io->write('<info>Custom installers have been disabled.</info>');
+        }
+
         if (0 === strpos($package->getPrettyVersion(), 'dev-') && in_array($package->getSourceType(), array('git', 'hg'))) {
             $package->setSourceReference(substr($package->getPrettyVersion(), 4));
         }
@@ -138,10 +145,14 @@ EOT
         $composer = Factory::create($io);
         $installer = Installer::create($io, $composer);
 
-        $installer
-            ->setPreferSource($preferSource)
-            ->setDevMode($installDevPackages)
-            ->run();
+        $installer->setPreferSource($preferSource)
+            ->setDevMode($installDevPackages);
+
+        if ($disableCustomInstallers) {
+            $installer->disableCustomInstallers();
+        }
+
+        $installer->run();
     }
 
     protected function createDownloadManager(IOInterface $io)
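Review bot: The flag is applied only to the `$installer` built here, immediately before `run()`, so anything `Installer::run()` does apart from resolving package installers is unaffected. `run()` is not shown; if it also dispatches the scripts declared in the freshly downloaded project's composer.json, that code still executes with `--disable-custom-installers` set, and the "Custom installers have been disabled." notice could be read as a stronger guarantee than it is. Confirm that path, then either cover it as well or narrow the wording of the option help and the two docblocks to what is actually prevented.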

+ 12 - 0
src/Composer/Installer.php

@@ -722,4 +722,16 @@ class Installer
 
         return $this;
     }
+
+    /**
+     * Disables custom installers.
+     *
+     * Call this if you want to ensure that third-party code never gets
+     * executed. The default is to automatically install, and execute
+     * custom third-party installers.
+     */
+    public function disableCustomInstallers()
+    {
+        $this->installationManager->disableCustomInstallers();
+    }
 }
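Review bot: `disableCustomInstallers()` returns nothing, while the method directly above it in this hunk ends with `return $this;`, which is why CreateProjectCommand had to break its fluent chain. Add `return $this;` after the delegation and `@return Installer` to the docblock. The docblock's "ensure that third-party code never gets executed" promises more than the method shows, since it only removes installers from the installation manager; `Prevents custom installers shipped by packages from being loaded and executed.` is a claim the code can back.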

+ 18 - 0
src/Composer/Installer/InstallationManager.php

@@ -46,6 +46,24 @@ class InstallationManager
         $this->cache = array();
     }
 
+    /**
+     * Disables custom installers.
+     *
+     * We prevent any custom installers from being instantiated by simply
+     * deactivating the installer for them. This ensure that no third-party
+     * code is ever executed.
+     */
+    public function disableCustomInstallers()
+    {
+        foreach ($this->installers as $i => $installer) {
+            if ( ! $installer instanceof InstallerInstaller) {
+                continue;
+            }
+
+            unset($this->installers[$i]);
+        }
+    }
+
     /**
      * Returns installer for a specific package type.
      *
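Review bot: The loop removes only the `InstallerInstaller` entries present in `$this->installers` at the moment of the call, so the guarantee stated in the docblock depends on call order. An `InstallerInstaller` registered afterwards is active again, a custom installer that was already registered is not an `InstallerInstaller` and stays in the list, and the `$this->cache` initialised just above the hunk is not reset (if it holds resolved installers, a stale entry could still be returned; that is not visible here). Consider a boolean property that makes later registration refuse such installers, plus `$this->cache = array();` after the loop, and state in the docblock what happens to a package whose type only the removed installer handled. In the docblock, "This ensure" should read "This ensures".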