
Prevent submitting HTTP packages, fixes #904

Jordi Boggiano hace 6 años
padre
commit
3e4b8755bc
Se han modificado 1 ficheros con 6 adiciones y 1 borrados
  1. 6 1
      src/Packagist/WebBundle/Entity/Package.php

+ 6 - 1
src/Packagist/WebBundle/Entity/Package.php

@@ -229,7 +229,12 @@ class Package
         $property = 'repository';
         $driver = $this->vcsDriver;
         if (!is_object($driver)) {
-            if (preg_match('{https?://.+@}', $this->repository)) {
+            if (preg_match('{^http://}', $this->repository)) {
+                $context->buildViolation('Non-secure HTTP URLs are not supported, make sure you use an HTTPS or SSH URL')
+                    ->atPath($property)
+                    ->addViolation()
+                ;
+            } elseif (preg_match('{https?://.+@}', $this->repository)) {
                 $context->buildViolation('URLs with user@host are not supported, use a read-only public URL')
                     ->atPath($property)
                     ->addViolation()
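Review bot: The added `{^http://}` test is case-sensitive and anchored at the first byte, so a value like `HTTP://…` or one with leading whitespace skips this branch and falls through to the later checks instead of being rejected as non-secure. URI schemes are case-insensitive, so matching with `if (preg_match('{^\s*http://}i', $this->repository)) {` (or trimming the value before matching) would close that gap. The check also sits inside `if (!is_object($driver))`, so it presumably fires only when no VCS driver was resolved; it is worth confirming that a plain-HTTP URL can never yield a driver object, otherwise the rule belongs outside that guard. The enclosing method starts and ends outside this hunk, so any earlier normalisation of `$this->repository` is not visible here.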