8000 Fix find excutable function execute exception when command option treated as executable file by kayw-geek · Pull Request #11790 · composer/composer · GitHub
[go: up one dir, main page]
Skip to content

Fix find excutable function execute exception when command option treated as executable file #11790

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Fix find excutable function execute exception when command option treated as executable file #11790

wants to merge 2 commits into from

Conversation

kayw-geek
Copy link
@kayw-geek kayw-geek commented Jan 10, 2024
edited
Loading

How to reproduce

In my Laravel project composer.json file, script defined a few script like that

"post-update-cmd": [
            "@php -r \"file_put_contents('storage/local/last-composer-lock-hash', md5_file('composer.lock'));\""
        ],

when I run composer run script post-update-cmd the composer package will remove the prefix @php and extract -r to determine if the file is executable, and then in the find() method of symfony/process the exec('command -v') will execute that exec('command -v -r') and output a message that

https://github.com/symfony/symfony/blob/4328f5b16852b8daefc957d370c08ee0bfbf3dbc/src/Symfony/Component/Process/ExecutableFinder.php#L72

symfony/porcess > v6.4
➜   composer run-script post-update-cmd 
php-http/discovery contains a Composer plugin which is currently not in your allow-plugins config. See https://getcomposer.org/allow-plugins
Do you trust "php-http/discovery" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] d
> @php -r "file_put_contents('storage/local/last-composer-lock-hash', md5_file('composer.lock'));"
sh: line 0: command: -r: invalid option
command: usage: command [-pVv] command [arg ...]

Seldaek
Seldaek reviewed Jan 18, 2024
View reviewed changes
@xabbuh
Copy link
Contributor
xabbuh commented Jan 18, 2024

Is this still relevant given that symfony/symfony#53481 has been merged in the meantime?

@Seldaek
Copy link
Member
Seldaek commented Jan 18, 2024

I'm confused because I cannot reproduce this here.. Even without the patch applied on symfony/process:

$p = new \Symfony\Component\Process\ExecutableFinder();
var_dump($p->find('-r')); // => outputs null

@Seldaek
Copy link
Member
Seldaek commented Jan 18, 2024

But yeah I would tend to say if it's been fixed upstream let's just upgrade when it's been tagged and not do anything here.

@kayw-geek kayw-geek closed this Jan 19, 2024
@Seldaek
Copy link
Member
Seldaek commented Feb 7, 2024

Should be fixed now as we are running on latest symfony deps (at least composer self-update --snapshot is)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Seldaek Seldaek Seldaek left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kayw-geek @xabbuh @Seldaek
0