Changeset 3299013

Timestamp:

05/22/2025 07:19:17 PM (7 months ago)

Author:

boonebgorges

Message:

Create tag 2.2.5.

Location:

buddypress-docs

Files:

• tags/2.2.5 (copied) (copied from buddypress-docs/trunk)
• tags/2.2.5/includes/component.php (modified) (1 diff)
• tags/2.2.5/includes/functions.php (modified) (1 diff)
• tags/2.2.5/includes/templatetags-edit.php (modified) (1 diff)
• tags/2.2.5/languages/buddypress-docs-ro_RO.mo (modified) (previous)
• tags/2.2.5/languages/buddypress-docs-ro_RO.po (modified) (1 diff)
• tags/2.2.5/languages/buddypress-docs.pot (modified) (5 diffs)
• tags/2.2.5/loader.php (modified) (2 diffs)
• tags/2.2.5/readme.txt (modified) (2 diffs)
• tags/2.2.5/vendor/autoload.php (modified) (1 diff)
• tags/2.2.5/vendor/composer/InstalledVersions.php (modified) (5 diffs)
• tags/2.2.5/vendor/composer/installed.php (modified) (2 diffs)
• trunk/includes/component.php (modified) (1 diff)
• trunk/includes/functions.php (modified) (1 diff)
• trunk/includes/templatetags-edit.php (modified) (1 diff)
• trunk/languages/buddypress-docs-ro_RO.mo (modified) (previous)
• trunk/languages/buddypress-docs-ro_RO.po (modified) (1 diff)
• trunk/languages/buddypress-docs.pot (modified) (5 diffs)
• trunk/loader.php (modified) (2 diffs)
• trunk/readme.txt (modified) (2 diffs)
• trunk/vendor/autoload.php (modified) (1 diff)
• trunk/vendor/composer/InstalledVersions.php (modified) (5 diffs)
• trunk/vendor/composer/installed.php (modified) (2 diffs)

buddypress-docs/tags/2.2.5/includes/component.php

@@ -458 +458 @@
         if ( ! empty( $_POST['doc-edit-submit'] ) || ! empty( $_POST['doc-edit-submit-continue'] ) ) {
 
-            // Existing Docs have a more specific permission check.
-            $doc = bp_docs_get_current_doc();
-            if ( $doc && ! current_user_can( 'bp_docs_edit', $doc->ID ) ) {
-                return;
-            } elseif ( ! $doc && ! current_user_can( 'bp_docs_create' ) ) {
-                return;
-            }
-
+            $doc_id = false;
+            if ( isset( $_POST['doc-id'] ) ) {
+                $doc_id = absint( $_POST['doc-id'] );
+            }
+
+            $current_doc = bp_docs_get_current_doc();
+            if ( $current_doc ) {
+                // Don't allow editing if there's a mismatch.
+                if ( $doc_id && $doc_id !== $current_doc->ID ) {
+                    return;
+                }
+
+                $doc_id = $current_doc->ID;
+            }
+
+            // Legacy.
             check_admin_referer( 'bp_docs_save' );
+
+            if ( $doc_id ) {
+                check_admin_referer( 'bp_docs_edit_' . (string) $doc_id, 'bp_docs_edit_nonce' );
+            }
 
             $result = bp_docs_save_doc_via_post();

buddypress-docs/tags/2.2.5/includes/functions.php

@@ -1111 +1111 @@
     );
 
-    if ( isset( $_POST['doc_id'] ) && 0 != $_POST['doc_id'] ) {
+    if ( empty( $args['doc_id'] ) && ! empty( $_POST['doc_id'] ) ) {
         $args['doc_id'] = (int) $_POST['doc_id'];
+    }
+
+    // Existing Docs have a more specific permission check.
+    if ( $args['doc_id'] && ! current_user_can( 'bp_docs_edit', $args['doc_id'] ) ) {
+        return;
+    } elseif ( ! $args['doc_id'] && ! current_user_can( 'bp_docs_create' ) ) {
+        return;
     }
 

buddypress-docs/tags/2.2.5/includes/templatetags-edit.php

@@ -98 +98 @@
         return apply_filters( 'bp_docs_get_edit_doc_content', $content );
     }
+
+/**
+ * Echoes a nonce field for specific doc editing.
+ *
+ * @since 2.2.5
+ *
+ * @param int $doc_id The ID of the doc being edited. If not set, will use the current doc.
+ *                    We make this optional because old templates may not pass it.
+ * @return void
+ */
+function bp_docs_edit_doc_nonce( $doc_id = null ) {
+    if ( ! $doc_id ) {
+        $doc = bp_docs_get_current_doc();
+        if ( $doc ) {
+            $doc_id = $doc->ID;
+        }
+    }
+
+    if ( ! $doc_id ) {
+        return;
+    }
+
+    wp_nonce_field( 'bp_docs_edit_' . (string) $doc_id, 'bp_docs_edit_nonce' );
+}
+add_action( 'bp_docs_before_doc_edit_content', 'bp_docs_edit_doc_nonce' );
 
 /**

buddypress-docs/tags/2.2.5/languages/buddypress-docs-ro_RO.po

@@ -215 +215 @@
 #: includes/templates/docs/docs-loop.php:79
 msgid "Viewing %1$s-%2$s of %3$s docs"
-msgstr "Vizualizarea %1$ s-% 2$ s de %3$ s docs"
+msgstr "Vizualizarea %1$s-%2$s de %3$s docs"
 
 #: includes/templates/docs/docs-loop.php:89

buddypress-docs/tags/2.2.5/languages/buddypress-docs.pot

@@ -1 @@
-# Copyright (C) 2024 Boone B Gorges, David Cavins
+# Copyright (C) 2025 Boone B Gorges, David Cavins
 # This file is distributed under the same license as the BuddyPress Docs plugin.
 msgid ""
@@ -10 +10 @@
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"POT-Creation-Date: 2024-10-04T09:14:01-05:00\n"
+"POT-Creation-Date: 2025-05-22T14:13:55-05:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "X-Generator: WP-CLI 2.9.0\n"
@@ -568 +568 @@
 
 #: includes/attachments.php:434
-#: includes/component.php:1091
+#: includes/component.php:1103
 msgid "Upload File"
 msgstr ""
 
 #: includes/attachments.php:435
-#: includes/component.php:1092
+#: includes/component.php:1104
 msgid "OK"
 msgstr ""
@@ -693 +693 @@
 msgstr ""
 
-#: includes/component.php:495
+#: includes/component.php:507
 msgid "This doc is currently being edited by %s. To prevent overwrites, you cannot edit until that user has finished. Please try again in a few minutes."
 msgstr ""
 
-#: includes/component.php:508
+#: includes/component.php:520
 msgid "You do not have permission to edit the doc."
 msgstr ""
 
-#: includes/component.php:522
+#: includes/component.php:534
 msgid "You do not have permission to create a Doc in this group."
 msgstr ""
 
-#: includes/component.php:536
+#: includes/component.php:548
 msgid "You do not have permission to view this Doc's history."
 msgstr ""
 
-#: includes/component.php:560
+#: includes/component.php:572
 msgid "Lock successfully removed"
 msgstr ""
 
-#: includes/component.php:592
+#: includes/component.php:604
 msgid "Doc successfully deleted!"
 msgstr ""
 
-#: includes/component.php:594
+#: includes/component.php:606
 msgid "Could not delete doc."
 msgstr ""
 
-#: includes/component.php:597
+#: includes/component.php:609
 msgid "You do not have permission to delete that doc."
 msgstr ""
 
-#: includes/component.php:618
+#: includes/component.php:630
 msgid "Doc successfully removed from Trash!"
 msgstr ""
 
-#: includes/component.php:620
+#: includes/component.php:632
 msgid "Could not remove Doc from Trash."
 msgstr ""
 
-#: includes/component.php:623
+#: includes/component.php:635
 msgid "You do not have permission to remove that Doc from the Trash."
 msgstr ""
 
-#: includes/component.php:638
+#: includes/component.php:650
 msgid "Doc successfully removed from the group"
 msgstr ""
 
-#: includes/component.php:640
+#: includes/component.php:652
 msgid "Could not remove Doc from the group."
 msgstr ""
 
-#: includes/component.php:643
+#: includes/component.php:655
 msgid "You do not have permission to remove that Doc from this group."
 msgstr ""
 
-#: includes/component.php:978
-#: includes/component.php:1001
-#: includes/component.php:1003
+#: includes/component.php:990
+#: includes/component.php:1013
+#: includes/component.php:1015
 msgid "Search"
 msgstr ""
 
-#: includes/component.php:1086
+#: includes/component.php:1098
 msgid "and %d more"
 msgstr ""
 
-#: includes/component.php:1088
+#: includes/component.php:1100
 msgid "show all tags"
 msgstr ""
 
-#: includes/component.php:1089
+#: includes/component.php:1101
 msgid "show fewer tags"
 msgstr ""
 
-#: includes/component.php:1090
+#: includes/component.php:1102
 msgid "Still working?"
 msgstr ""
@@ -1164 +1164 @@
 msgstr ""
 
-#: includes/templatetags-edit.php:147
+#: includes/templatetags-edit.php:172
 msgid "(no parent)"
 msgstr ""

buddypress-docs/tags/2.2.5/loader.php

@@ -4 +4 @@
 Plugin URI: http://github.com/boonebgorges/buddypress-docs
 Description: Adds collaborative Docs to BuddyPress
-Version: 2.2.4
+Version: 2.2.5
 Author: Boone B Gorges, David Cavins
 Author URI: http://boone.gorg.es
@@ -16 +16 @@
 */
 
-define( 'BP_DOCS_VERSION', '2.2.4' );
+define( 'BP_DOCS_VERSION', '2.2.5' );
 
 require_once __DIR__ . '/vendor/autoload.php';

buddypress-docs/tags/2.2.5/readme.txt

@@ -4 +4 @@
 Tags: buddypress, docs, wiki, documents, collaboration
 Requires at least: 3.3
-Tested up to: 6.6
-Stable tag: 2.2.4
+Tested up to: 6.8
+Stable tag: 2.2.5
 
 Adds collaborative Docs to BuddyPress.
@@ -33 +33 @@
 
 == Changelog ==
+
+= 2.2.5 =
+* Security fix: Prevent users from editing Docs that they do not have permission to edit. Props to HedgeByte Cybersecurity for reporting this issue.
+* Fixed bug in ro_RO translation package.
 
 = 2.2.4 =

buddypress-docs/tags/2.2.5/vendor/autoload.php

@@ -15 +15 @@
         }
     }
-    trigger_error(
-        $err,
-        E_USER_ERROR
-    );
+    throw new RuntimeException($err);
 }
 

buddypress-docs/tags/2.2.5/vendor/composer/InstalledVersions.php

@@ -28 +28 @@
 {
     /**
+     * @var string|null if set (by reflection by Composer), this should be set to the path where this class is being copied to
+     * @internal
+     */
+    private static $selfDir = null;
+
+    /**
      * @var mixed[]|null
      * @psalm-var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}|array{}|null
      */
     private static $installed;
+
+    /**
+     * @var bool
+     */
+    private static $installedIsLocalDir;
 
     /**
@@ -310 +321 @@
         self::$installed = $data;
         self::$installedByVendor = array();
+
+        // when using reload, we disable the duplicate protection to ensure that self::$installed data is
+        // always returned, but we cannot know whether it comes from the installed.php in __DIR__ or not,
+        // so we have to assume it does not, and that may result in duplicate data being returned when listing
+        // all installed packages for example
+        self::$installedIsLocalDir = false;
+    }
+
+    /**
+     * @return string
+     */
+    private static function getSelfDir()
+    {
+        if (self::$selfDir === null) {
+            self::$selfDir = strtr(__DIR__, '\\', '/');
+        }
+
+        return self::$selfDir;
     }
 
@@ -323 +352 @@
 
         $installed = array();
+        $copiedLocalDir = false;
 
         if (self::$canGetVendors) {
+            $selfDir = self::getSelfDir();
             foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) {
+                $vendorDir = strtr($vendorDir, '\\', '/');
                 if (isset(self::$installedByVendor[$vendorDir])) {
                     $installed[] = self::$installedByVendor[$vendorDir];
@@ -331 +363 @@
                     /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */
                     $required = require $vendorDir.'/composer/installed.php';
-                    $installed[] = self::$installedByVendor[$vendorDir] = $required;
-                    if (null === self::$installed && strtr($vendorDir.'/composer', '\\', '/') === strtr(__DIR__, '\\', '/')) {
-                        self::$installed = $installed[count($installed) - 1];
+                    self::$installedByVendor[$vendorDir] = $required;
+                    $installed[] = $required;
+                    if (self::$installed === null && $vendorDir.'/composer' === $selfDir) {
+                        self::$installed = $required;
+                        self::$installedIsLocalDir = true;
                     }
+                }
+                if (self::$installedIsLocalDir && $vendorDir.'/composer' === $selfDir) {
+                    $copiedLocalDir = true;
                 }
             }
@@ -351 +388 @@
         }
 
-        if (self::$installed !== array()) {
+        if (self::$installed !== array() && !$copiedLocalDir) {
             $installed[] = self::$installed;
         }

buddypress-docs/tags/2.2.5/vendor/composer/installed.php

@@ -2 +2 @@
     'root' => array(
         'name' => 'boonebgorges/buddypress-docs',
-        'pretty_version' => '2.1.4',
-        'version' => '2.1.4.0',
+        'pretty_version' => '2.2.5',
+        'version' => '2.2.5.0',
         'reference' => null,
         'type' => 'project',
@@ -12 +12 @@
     'versions' => array(
         'boonebgorges/buddypress-docs' => array(
-            'pretty_version' => '2.1.4',
-            'version' => '2.1.4.0',
+            'pretty_version' => '2.2.5',
+            'version' => '2.2.5.0',
             'reference' => null,
             'type' => 'project',

buddypress-docs/trunk/includes/component.php

@@ -458 +458 @@
         if ( ! empty( $_POST['doc-edit-submit'] ) || ! empty( $_POST['doc-edit-submit-continue'] ) ) {
 
-            // Existing Docs have a more specific permission check.
-            $doc = bp_docs_get_current_doc();
-            if ( $doc && ! current_user_can( 'bp_docs_edit', $doc->ID ) ) {
-                return;
-            } elseif ( ! $doc && ! current_user_can( 'bp_docs_create' ) ) {
-                return;
-            }
-
+            $doc_id = false;
+            if ( isset( $_POST['doc-id'] ) ) {
+                $doc_id = absint( $_POST['doc-id'] );
+            }
+
+            $current_doc = bp_docs_get_current_doc();
+            if ( $current_doc ) {
+                // Don't allow editing if there's a mismatch.
+                if ( $doc_id && $doc_id !== $current_doc->ID ) {
+                    return;
+                }
+
+                $doc_id = $current_doc->ID;
+            }
+
+            // Legacy.
             check_admin_referer( 'bp_docs_save' );
+
+            if ( $doc_id ) {
+                check_admin_referer( 'bp_docs_edit_' . (string) $doc_id, 'bp_docs_edit_nonce' );
+            }
 
             $result = bp_docs_save_doc_via_post();

buddypress-docs/trunk/includes/functions.php

@@ -1111 +1111 @@
     );
 
-    if ( isset( $_POST['doc_id'] ) && 0 != $_POST['doc_id'] ) {
+    if ( empty( $args['doc_id'] ) && ! empty( $_POST['doc_id'] ) ) {
         $args['doc_id'] = (int) $_POST['doc_id'];
+    }
+
+    // Existing Docs have a more specific permission check.
+    if ( $args['doc_id'] && ! current_user_can( 'bp_docs_edit', $args['doc_id'] ) ) {
+        return;
+    } elseif ( ! $args['doc_id'] && ! current_user_can( 'bp_docs_create' ) ) {
+        return;
     }
 

buddypress-docs/trunk/includes/templatetags-edit.php

@@ -98 +98 @@
         return apply_filters( 'bp_docs_get_edit_doc_content', $content );
     }
+
+/**
+ * Echoes a nonce field for specific doc editing.
+ *
+ * @since 2.2.5
+ *
+ * @param int $doc_id The ID of the doc being edited. If not set, will use the current doc.
+ *                    We make this optional because old templates may not pass it.
+ * @return void
+ */
+function bp_docs_edit_doc_nonce( $doc_id = null ) {
+    if ( ! $doc_id ) {
+        $doc = bp_docs_get_current_doc();
+        if ( $doc ) {
+            $doc_id = $doc->ID;
+        }
+    }
+
+    if ( ! $doc_id ) {
+        return;
+    }
+
+    wp_nonce_field( 'bp_docs_edit_' . (string) $doc_id, 'bp_docs_edit_nonce' );
+}
+add_action( 'bp_docs_before_doc_edit_content', 'bp_docs_edit_doc_nonce' );
 
 /**

buddypress-docs/trunk/languages/buddypress-docs-ro_RO.po

@@ -215 +215 @@
 #: includes/templates/docs/docs-loop.php:79
 msgid "Viewing %1$s-%2$s of %3$s docs"
-msgstr "Vizualizarea %1$ s-% 2$ s de %3$ s docs"
+msgstr "Vizualizarea %1$s-%2$s de %3$s docs"
 
 #: includes/templates/docs/docs-loop.php:89

buddypress-docs/trunk/languages/buddypress-docs.pot

@@ -1 @@
-# Copyright (C) 2024 Boone B Gorges, David Cavins
+# Copyright (C) 2025 Boone B Gorges, David Cavins
 # This file is distributed under the same license as the BuddyPress Docs plugin.
 msgid ""
@@ -10 +10 @@
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"POT-Creation-Date: 2024-10-04T09:14:01-05:00\n"
+"POT-Creation-Date: 2025-05-22T14:13:55-05:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "X-Generator: WP-CLI 2.9.0\n"
@@ -568 +568 @@
 
 #: includes/attachments.php:434
-#: includes/component.php:1091
+#: includes/component.php:1103
 msgid "Upload File"
 msgstr ""
 
 #: includes/attachments.php:435
-#: includes/component.php:1092
+#: includes/component.php:1104
 msgid "OK"
 msgstr ""
@@ -693 +693 @@
 msgstr ""
 
-#: includes/component.php:495
+#: includes/component.php:507
 msgid "This doc is currently being edited by %s. To prevent overwrites, you cannot edit until that user has finished. Please try again in a few minutes."
 msgstr ""
 
-#: includes/component.php:508
+#: includes/component.php:520
 msgid "You do not have permission to edit the doc."
 msgstr ""
 
-#: includes/component.php:522
+#: includes/component.php:534
 msgid "You do not have permission to create a Doc in this group."
 msgstr ""
 
-#: includes/component.php:536
+#: includes/component.php:548
 msgid "You do not have permission to view this Doc's history."
 msgstr ""
 
-#: includes/component.php:560
+#: includes/component.php:572
 msgid "Lock successfully removed"
 msgstr ""
 
-#: includes/component.php:592
+#: includes/component.php:604
 msgid "Doc successfully deleted!"
 msgstr ""
 
-#: includes/component.php:594
+#: includes/component.php:606
 msgid "Could not delete doc."
 msgstr ""
 
-#: includes/component.php:597
+#: includes/component.php:609
 msgid "You do not have permission to delete that doc."
 msgstr ""
 
-#: includes/component.php:618
+#: includes/component.php:630
 msgid "Doc successfully removed from Trash!"
 msgstr ""
 
-#: includes/component.php:620
+#: includes/component.php:632
 msgid "Could not remove Doc from Trash."
 msgstr ""
 
-#: includes/component.php:623
+#: includes/component.php:635
 msgid "You do not have permission to remove that Doc from the Trash."
 msgstr ""
 
-#: includes/component.php:638
+#: includes/component.php:650
 msgid "Doc successfully removed from the group"
 msgstr ""
 
-#: includes/component.php:640
+#: includes/component.php:652
 msgid "Could not remove Doc from the group."
 msgstr ""
 
-#: includes/component.php:643
+#: includes/component.php:655
 msgid "You do not have permission to remove that Doc from this group."
 msgstr ""
 
-#: includes/component.php:978
-#: includes/component.php:1001
-#: includes/component.php:1003
+#: includes/component.php:990
+#: includes/component.php:1013
+#: includes/component.php:1015
 msgid "Search"
 msgstr ""
 
-#: includes/component.php:1086
+#: includes/component.php:1098
 msgid "and %d more"
 msgstr ""
 
-#: includes/component.php:1088
+#: includes/component.php:1100
 msgid "show all tags"
 msgstr ""
 
-#: includes/component.php:1089
+#: includes/component.php:1101
 msgid "show fewer tags"
 msgstr ""
 
-#: includes/component.php:1090
+#: includes/component.php:1102
 msgid "Still working?"
 msgstr ""
@@ -1164 +1164 @@
 msgstr ""
 
-#: includes/templatetags-edit.php:147
+#: includes/templatetags-edit.php:172
 msgid "(no parent)"
 msgstr ""

buddypress-docs/trunk/loader.php

@@ -4 +4 @@
 Plugin URI: http://github.com/boonebgorges/buddypress-docs
 Description: Adds collaborative Docs to BuddyPress
-Version: 2.2.4
+Version: 2.2.5
 Author: Boone B Gorges, David Cavins
 Author URI: http://boone.gorg.es
@@ -16 +16 @@
 */
 
-define( 'BP_DOCS_VERSION', '2.2.4' );
+define( 'BP_DOCS_VERSION', '2.2.5' );
 
 require_once __DIR__ . '/vendor/autoload.php';

buddypress-docs/trunk/readme.txt

@@ -4 +4 @@
 Tags: buddypress, docs, wiki, documents, collaboration
 Requires at least: 3.3
-Tested up to: 6.6
-Stable tag: 2.2.4
+Tested up to: 6.8
+Stable tag: 2.2.5
 
 Adds collaborative Docs to BuddyPress.
@@ -33 +33 @@
 
 == Changelog ==
+
+= 2.2.5 =
+* Security fix: Prevent users from editing Docs that they do not have permission to edit. Props to HedgeByte Cybersecurity for reporting this issue.
+* Fixed bug in ro_RO translation package.
 
 = 2.2.4 =

buddypress-docs/trunk/vendor/autoload.php

@@ -15 +15 @@
         }
     }
-    trigger_error(
-        $err,
-        E_USER_ERROR
-    );
+    throw new RuntimeException($err);
 }
 

buddypress-docs/trunk/vendor/composer/InstalledVersions.php

@@ -28 +28 @@
 {
     /**
+     * @var string|null if set (by reflection by Composer), this should be set to the path where this class is being copied to
+     * @internal
+     */
+    private static $selfDir = null;
+
+    /**
      * @var mixed[]|null
      * @psalm-var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}|array{}|null
      */
     private static $installed;
+
+    /**
+     * @var bool
+     */
+    private static $installedIsLocalDir;
 
     /**
@@ -310 +321 @@
         self::$installed = $data;
         self::$installedByVendor = array();
+
+        // when using reload, we disable the duplicate protection to ensure that self::$installed data is
+        // always returned, but we cannot know whether it comes from the installed.php in __DIR__ or not,
+        // so we have to assume it does not, and that may result in duplicate data being returned when listing
+        // all installed packages for example
+        self::$installedIsLocalDir = false;
+    }
+
+    /**
+     * @return string
+     */
+    private static function getSelfDir()
+    {
+        if (self::$selfDir === null) {
+            self::$selfDir = strtr(__DIR__, '\\', '/');
+        }
+
+        return self::$selfDir;
     }
 
@@ -323 +352 @@
 
         $installed = array();
+        $copiedLocalDir = false;
 
         if (self::$canGetVendors) {
+            $selfDir = self::getSelfDir();
             foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) {
+                $vendorDir = strtr($vendorDir, '\\', '/');
                 if (isset(self::$installedByVendor[$vendorDir])) {
                     $installed[] = self::$installedByVendor[$vendorDir];
@@ -331 +363 @@
                     /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */
                     $required = require $vendorDir.'/composer/installed.php';
-                    $installed[] = self::$installedByVendor[$vendorDir] = $required;
-                    if (null === self::$installed && strtr($vendorDir.'/composer', '\\', '/') === strtr(__DIR__, '\\', '/')) {
-                        self::$installed = $installed[count($installed) - 1];
+                    self::$installedByVendor[$vendorDir] = $required;
+                    $installed[] = $required;
+                    if (self::$installed === null && $vendorDir.'/composer' === $selfDir) {
+                        self::$installed = $required;
+                        self::$installedIsLocalDir = true;
                     }
+                }
+                if (self::$installedIsLocalDir && $vendorDir.'/composer' === $selfDir) {
+                    $copiedLocalDir = true;
                 }
             }
@@ -351 +388 @@
         }
 
-        if (self::$installed !== array()) {
+        if (self::$installed !== array() && !$copiedLocalDir) {
             $installed[] = self::$installed;
         }

buddypress-docs/trunk/vendor/composer/installed.php

@@ -2 +2 @@
     'root' => array(
         'name' => 'boonebgorges/buddypress-docs',
-        'pretty_version' => '2.1.4',
-        'version' => '2.1.4.0',
+        'pretty_version' => '2.2.5',
+        'version' => '2.2.5.0',
         'reference' => null,
         'type' => 'project',
@@ -12 +12 @@
     'versions' => array(
         'boonebgorges/buddypress-docs' => array(
-            'pretty_version' => '2.1.4',
-            'version' => '2.1.4.0',
+            'pretty_version' => '2.2.5',
+            'version' => '2.2.5.0',
             'reference' => null,
             'type' => 'project',