From 24f5e54fbea3c09e913b40ae097fb1731fcb69dc Mon Sep 17 00:00:00 2001
From: Jordi Boggiano <j.boggiano@seld.be>
Date: Thu, 22 Jul 2021 13:47:31 +0200
Subject: [PATCH] Fix only/exclude to avoid matching names as sub-strings of
 full package names, fixes #10001

---
 src/Composer/Repository/FilterRepository.php            | 8 ++++----
 tests/Composer/Test/Repository/FilterRepositoryTest.php | 3 +++
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/Composer/Repository/FilterRepository.php b/src/Composer/Repository/FilterRepository.php
index 61b31e91a0da..8778233fd8e3 100644
--- a/src/Composer/Repository/FilterRepository.php
+++ b/src/Composer/Repository/FilterRepository.php
@@ -33,17 +33,17 @@ public function __construct(RepositoryInterface $repo, array $options)
             if (!is_array($options['only'])) {
                 throw new \InvalidArgumentException('"only" key for repository '.$repo->getRepoName().' should be an array');
             }
-            $this->only = '{^'.implode('|', array_map(function ($val) {
+            $this->only = '{^(?:'.implode('|', array_map(function ($val) {
                 return BasePackage::packageNameToRegexp($val, '%s');
-            }, $options['only'])) .'$}iD';
+            }, $options['only'])) .')$}iD';
         }
         if (isset($options['exclude'])) {
             if (!is_array($options['exclude'])) {
                 throw new \InvalidArgumentException('"exclude" key for repository '.$repo->getRepoName().' should be an array');
             }
-            $this->exclude = '{^'.implode('|', array_map(function ($val) {
+            $this->exclude = '{^(?:'.implode('|', array_map(function ($val) {
                 return BasePackage::packageNameToRegexp($val, '%s');
-            }, $options['exclude'])) .'$}iD';
+            }, $options['exclude'])) .')$}iD';
         }
         if ($this->exclude && $this->only) {
             throw new \InvalidArgumentException('Only one of "only" and "exclude" can be specified for repository '.$repo->getRepoName());
diff --git a/tests/Composer/Test/Repository/FilterRepositoryTest.php b/tests/Composer/Test/Repository/FilterRepositoryTest.php
index 645d5cb0941e..e3f388da0e49 100644
--- a/tests/Composer/Test/Repository/FilterRepositoryTest.php
+++ b/tests/Composer/Test/Repository/FilterRepositoryTest.php
@@ -50,6 +50,9 @@ public static function repoMatchingTests()
             array(array('foo/aaa', 'foo/bbb'), array('only' => array('foo/*'))),
             array(array('foo/aaa', 'baz/yyy'), array('only' => array('foo/aaa', 'baz/yyy'))),
             array(array('bar/xxx'), array('exclude' => array('foo/*', 'baz/yyy'))),
+            // make sure sub-patterns are not matched without wildcard
+            array(array('foo/aaa', 'foo/bbb', 'bar/xxx', 'baz/yyy'), array('exclude' => array('foo/aa', 'az/yyy'))),
+            array(array(), array('only' => array('foo/aa', 'az/yyy'))),
         );
     }