The /vendor directory does not need to be web accessible, and to reduce
attack surface, it should not be web accessible. We can use the
post-install-cmd and post-update-cmd hooks to create a .htaccess after
the user has run "composer install" or "composer update". On the first
run of composer, this hook will be invoked twice due to the composer
merge plugin.
If the htaccess file already exists, this hook won't do anything.
Bug: T180237
Change-Id: I2cf6541750c90b5708d7cf5f81b914ae2d9d46d1
The old VersionConstraint class is deprecated in modern versions
of composer which use the version from the composer/semver library.
Bug: T119590
Change-Id: I52ad75e7e25f6583bb4b13489a09d2f2d934e67d
These files have all had treatment before, and these occurrences have either
been missed or have been introduced after.
Change-Id: I06cdab4616b5bff47c85152df28f18c861730a23
- Added spaces after if/foreach/catch
- Added new line before end of file
- Added or removed spaces before/after parenthesis, comma
- Added spaces around string concat
Change-Id: I0590070f1b3542108e242730e8d9a3ba9831e94f
they support via Composer.
This change allows extensions to specify they depend on a specific
version or version range of MediaWiki. This is done by adding the
package mediawiki/mediawiki in their composer.json require section.
As MediaWiki itself is not a Composer package and is quite far away
from becoming one, a workaround was needed, which is provided by
this commit.
It works as follows. When "composer install" or "composer update"
is run, a Composer hook is invoked. This hook programmatically
indicates the root package provides MediaWiki, as it indeed does
when extensions are installed into MediaWiki. The package link
of type "provides" includes the MediaWiki version, which is read
from DefaultSettings.php.
This functionality has been tested and confirmed to work. One needs
a recent Composer version for it to have an effect. The upcoming
Composer alpha8 release will suffice. See
https://github.com/composer/composer/issues/2520
Tests are included. Composer independent tests will run always,
while the Composer specific ones are skipped when Composer is
not installed.
People that already have a composer.json file in their MediaWiki
root directory will need to make the same additions there as this
commit makes to composer-json.example. If this is not done, the
new behaviour will not work for them (though no existing behaviour
will break). The change to the json file has been made in such a
way to minimize the likelihood that any future modifications there
will be needed.
Thanks go to @beausimensen (Sculpin) and @seldaek (Composer) for
their support.
Change-Id: I8df66a92971146ab79cd4fcbd181e559115ca240
