Verified Commit d1721377 authored by alexpott's avatar alexpott
Browse files

Issue #3277025 by Spokje, longwave: For additional security you should declare...

Issue #3277025 by Spokje, longwave: For additional security you should declare the allow-plugins config with a list of packages names that are allowed to run code

(cherry picked from commit 8b44468e)
parent 7d583738
......@@ -218,14 +218,11 @@ public function testUnmanagedGitIgnoreWhenGitNotAvailable() {
exec('git --help', $output, $status);
$this->assertEquals(127, $status);
// Run the scaffold command.
$output = [];
exec('composer drupal:scaffold', $output, $status);
$output = $this->mustExec('composer drupal:scaffold 2>&1', NULL);
putenv('PATH=' . $oldPath . ':' . getenv('PATH'));
$expected = <<<EOT
0
Scaffolding files for fixtures/drupal-assets-fixture:
- Copy [web-root]/.csslintrc from assets/.csslintrc
- Copy [web-root]/.editorconfig from assets/.editorconfig
......@@ -247,8 +244,9 @@ public function testUnmanagedGitIgnoreWhenGitNotAvailable() {
Scaffolding files for fixtures/drupal-composer-drupal-project:
- Skip [web-root]/.htaccess: disabled
- Copy [web-root]/robots.txt from assets/robots-default.txt
EOT;
$this->assertEquals($expected, $status . "\n\n" . implode("\n", $output));
$this->assertEquals($expected, $output);
$this->assertFileExists($sut . '/docroot/index.php');
$this->assertFileDoesNotExist($sut . '/docroot/sites/default/.gitignore');
}
......
......@@ -39,6 +39,11 @@
"fixtures/drupal-core-fixture": "*",
"fixtures/scaffold-override-fixture": "*"
},
"config": {
"allow-plugins": {
"drupal/core-composer-scaffold": true
}
},
"extra": {
"drupal-scaffold": {
"allowed-packages": [
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment