From 7fcf167860aa1146e38ff26a5e4d074dc99a42cf Mon Sep 17 00:00:00 2001 From: umherirrender Date: Sun, 21 Apr 2013 16:59:18 +0200 Subject: [PATCH] Use wfShellExec in MimeMagic This avoids shell execution with backticks Change-Id: I37ca19f4b19a3a7f2834a234051e4044653fcfb1 --- includes/MimeMagic.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/includes/MimeMagic.php b/includes/MimeMagic.php index 24d803b39e..1627b3d440 100644 --- a/includes/MimeMagic.php +++ b/includes/MimeMagic.php @@ -876,9 +876,8 @@ class MimeMagic { $m = null; if ( $wgMimeDetectorCommand ) { - // @todo FIXME: Use wfShellExec - $fn = wfEscapeShellArg( $file ); - $m = `$wgMimeDetectorCommand $fn`; + $args = wfEscapeShellArg( $file ); + $m = wfShellExec( "$wgMimeDetectorCommand $args" ); } elseif ( function_exists( "finfo_open" ) && function_exists( "finfo_file" ) ) { # This required the fileinfo extension by PECL, -- 2.20.1