Ensure env vars and ~ prefix cannot be used, refs composer/composer#1…

…1453
composer · May 5, 2023 · 6246e90 · 6246e90
1 parent 6bedbca
commit 6246e90
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/src/Entity/Package.php b/src/Entity/Package.php
@@ -406,6 +406,11 @@ public function setRepository(string $repoUrl): void
             return;
         }
 
+        // block env vars & ~ prefixes
+        if (Preg::isMatch('{^[%$~]}', $repoUrl)) {
+            return;
+        }
+
         try {
             $io = new NullIO();
             $config = Factory::createConfig();