Browse Source

Prevent local URIs

Jordi Boggiano 12 years ago
parent
commit
e52a4c9ded
1 changed files with 5 additions and 0 deletions
  1. 5 0
      src/Packagist/WebBundle/Entity/Package.php

+ 5 - 0
src/Packagist/WebBundle/Entity/Package.php

@@ -288,6 +288,11 @@ class Package
      */
     public function setRepository($repository)
     {
+        // prevent local filesystem URLs
+        if (preg_match('{^(\.|[a-z]:|/)}i', $repository)) {
+            return;
+        }
+
         $this->repository = $repository;
 
         // avoid user@host URLs