Before it's too late, let's boil the oceans
and just do it. This patch assumes that old code
calling wfShellExec() doesn't know about restrictions
so it doesn't restrict anything. New code, however,
needs to specify its restrictions or deal with defaults.
Change-Id: I58963901087202d4a405bcdb6bd12758bb6b0ff7
MWTidy::checkErrors() and its callee TidyDriverBase::validate() are removed, as are
MediaWikiTestCase::assertValidHtmlSnippet() and ::assertValidHtmlDocument(). The
$wgValidateAllHtml configuration option is removed and will be ignored.
+* Execution of external programs using MediaWiki\Shell\Command now applies RESTRICT_DEFAULT
+ Firejail restriction by default.
=== Deprecations in 1.31 ===
* The Revision class was deprecated in favor of RevisionStore, BlobStore, and
->limits( $limits )
->includeStderr( $includeStderr )
->profileMethod( $profileMethod )
+ // For b/c
+ ->restrict( Shell::RESTRICT_NONE )
->execute();
} catch ( ProcOpenError $ex ) {
$retval = -1;
public function create() {
if ( $this->restrictionMethod === 'firejail' ) {
$command = new FirejailCommand( $this->findFirejail() );
+ $command->restrict( Shell::RESTRICT_DEFAULT );
} else {
$command = new Command();
}
*/
const NO_LOCALSETTINGS = 32;
+ /**
+ * Don't apply any restrictions
+ *
+ * @since 1.31
+ */
+ const RESTRICT_NONE = 0;
+
/**
* Returns a new instance of Command class
*