
Commit 6bd43df

authored
Merge pull request from GHSA-v9qv-c7wm-wgmf
1 parent fa3b958 commit 6bd43df


2 files changed

+11
-10
lines changed


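--- a/src/Composer/Package/Version/VersionGuesser.php
+++ b/src/Composer/Package/Version/VersionGuesser.php
@@ -173,7 +173,7 @@ private function guessGitVersion(array $packageConfig, string $path): array
 $featurePrettyVersion = $prettyVersion;
 
 // try to find the best (nearest) version branch to assume this feature's version
-$result = $this->guessFeatureVersion($packageConfig, $version, $branches, 'git rev-list %candidate%..%branch%', $path);
+$result = $this->guessFeatureVersion($packageConfig, $version, $branches, ['git', 'rev-list', '%candidate%..%branch%'], $path);
 $version = $result['version'];
 $prettyVersion = $result['pretty_version'];
 }
@@ -248,7 +248,7 @@ private function guessHgVersion(array $packageConfig, string $path): ?array
 $branches = array_map('strval', array_keys($driver->getBranches()));
 
 // try to find the best (nearest) version branch to assume this feature's version
-$result = $this->guessFeatureVersion($packageConfig, $version, $branches, 'hg log -r "not ancestors(\'%candidate%\') and ancestors(\'%branch%\')" --template "{node}\\n"', $path);
+$result = $this->guessFeatureVersion($packageConfig, $version, $branches, ['hg', 'log', '-r', 'not ancestors(\'%candidate%\') and ancestors(\'%branch%\')', '--template', '"{node}\\n"'], $path);
 $result['commit'] = '';
 $result['feature_version'] = $version;
 $result['feature_pretty_version'] = $version;
@@ -261,13 +261,12 @@ private function guessHgVersion(array $packageConfig, string $path): ?array
 
 /**
 * @param array<string, mixed> $packageConfig
-* @param string[] $branches
-*
-* @phpstan-param non-empty-string $scmCmdline
+* @param list<string> $branches
+* @param list<string> $scmCmdline
 *
 * @return array{version: string|null, pretty_version: string|null}
 */
-private function guessFeatureVersion(array $packageConfig, ?string $version, array $branches, string $scmCmdline, string $path): array
+private function guessFeatureVersion(array $packageConfig, ?string $version, array $branches, array $scmCmdline, string $path): array
 {
 $prettyVersion = $version;
 
@@ -309,7 +308,9 @@ private function guessFeatureVersion(array $packageConfig, ?string $version, arr
 continue;
 }
 
-$cmdLine = str_replace(['%candidate%', '%branch%'], [$candidate, $branch], $scmCmdline);
+$cmdLine = array_map(static function (string $component) use ($candidate, $branch) {
+return str_replace(['%candidate%', '%branch%'], [$candidate, $branch], $component);
+}, $scmCmdline);
 $promises[] = $this->process->executeAsync($cmdLine, $path)->then(function (Process $process) use (&$length, &$version, &$prettyVersion, $candidateVersion, &$promises): void {
 if (!$process->isSuccessful()) {
 return;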
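Review bot: The substitution in the last hunk (new lines 311-313) still copies `$candidate` and `$branch` verbatim into each argv element, so the array form removes shell parsing but not the parsing the SCM does itself: in `'%candidate%..%branch%'` a name beginning with `-` would be taken by git as an option, and in the hg revset a `'` inside a name would end the quoted literal of `ancestors('%branch%')`. Whether such names can reach this loop depends on how `$branches` is produced, which lies outside the hunks shown, so treat this as hardening. I would skip those values before building the command, e.g. `if (strpos($candidate, '-') === 0 || strpos($branch, '-') === 0) { continue; }`, with an equivalent check for `'` on the hg path. Separately, the `--template` element keeps its shell-era double quotes (`'"{node}\\n"'`), which hg now presumably receives literally; `'{node}\\n'` is likely what was meant. The body of guessFeatureVersion starts and ends outside this hunk.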

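--- a/tests/Composer/Test/Package/Version/VersionGuesserTest.php
+++ b/tests/Composer/Test/Package/Version/VersionGuesserTest.php
@@ -117,7 +117,7 @@ public function testGuessVersionReadsAndRespectsNonFeatureBranchesConfigurationF
 'stdout' => " arbitrary $commitHash Commit message\n* feature $anotherCommitHash Another message\n",
 ],
 [
-'cmd' => 'git rev-list arbitrary..feature',
+'cmd' => ['git', 'rev-list', 'arbitrary..feature'],
 'stdout' => "$anotherCommitHash\n",
 ],
 ], true);
@@ -147,7 +147,7 @@ public function testGuessVersionReadsAndRespectsNonFeatureBranchesConfigurationF
 'stdout' => " latest-testing $commitHash Commit message\n* feature $anotherCommitHash Another message\n",
 ],
 [
-'cmd' => 'git rev-list latest-testing..feature',
+'cmd' => ['git', 'rev-list', 'latest-testing..feature'],
 'stdout' => "$anotherCommitHash\n",
 ],
 ], true);
@@ -352,7 +352,7 @@ public function testRemoteBranchesAreSelected(): void
 "remotes/origin/1.5 03a15d220da53c52eddd5f32ffca64a7b3801bea Commit message\n",
 ],
 [
-'cmd' => 'git rev-list remotes/origin/1.5..feature-branch',
+'cmd' => ['git', 'rev-list', 'remotes/origin/1.5..feature-branch'],
 'stdout' => "$anotherCommitHash\n",
 ],
 ], true);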
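Review bot: The three updated expectations only restate the git command as an array with ordinary branch names, so nothing visible here pins the property the fix is about. I would add a case whose branch name contains a space or `;` and expect it intact as one element, e.g. (constructed name) `'cmd' => ['git', 'rev-list', 'arbitrary..feature name']`, plus one expectation for the hg command line, which has no visible coverage in these hunks. Other tests in the file may already cover this; the hunks do not show them.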
