function Url::sanitize

24 calls to Url::sanitize()

ComposerRepository::getRepoName in vendor/composer/composer/src/Composer/Repository/ComposerRepository.php

Returns a name representing this repository to the user

ComposerRepository::initialize in vendor/composer/composer/src/Composer/Repository/ComposerRepository.php

@inheritDoc

ComposerRepository::startCachedAsyncDownload in vendor/composer/composer/src/Composer/Repository/ComposerRepository.php

@phpstan-return PromiseInterface<array{mixed, string}>

ComposerRepository::whatProvides in vendor/composer/composer/src/Composer/Repository/ComposerRepository.php

@phpstan-param array<key-of<BasePackage::STABILITIES>, BasePackage::STABILITY_*>|null $acceptableStabilities

ComposerRepository::__construct in vendor/composer/composer/src/Composer/Repository/ComposerRepository.php

@phpstan-param array{url: non-empty-string, options?: mixed[], type?: 'composer', allow_ssl_downgrade?: bool} $repoConfig

... See full list

File

vendor/composer/composer/src/Composer/Util/Url.php, line 106

Class

Url

@author Jordi Boggiano <j.boggiano@seld.be>

Namespace

Composer\Util

Code

public static function sanitize(string $url) : string {
    // GitHub repository rename result in redirect locations containing the access_token as GET parameter
    // e.g. https://api.github.com/repositories/9999999999?access_token=github_token
    $url = Preg::replace('{([&?]access_token=)[^&]+}', '$1***', $url);
    $url = Preg::replaceCallback('{^(?P<prefix>[a-z0-9]+://)?(?P<user>[^:/\\s@]+):(?P<password>[^@\\s/]+)@}i', static function ($m) : string {
        // if the username looks like a long (12char+) hex string, or a modern github token (e.g. ghp_xxx) we obfuscate that
        if (Preg::isMatch('{^([a-f0-9]{12,}|gh[a-z]_[a-zA-Z0-9_]+|github_pat_[a-zA-Z0-9_]+)$}', $m['user'])) {
            return $m['prefix'] . '***:***@';
        }
        return $m['prefix'] . $m['user'] . ':***@';
    }, $url);
    return $url;
}