use LoggerAwareTrait;
/** @var string */
- private $command = '';
+ protected $command = '';
/** @var array */
private $limits = [
private $method;
/** @var bool */
- private $useStderr = false;
+ private $doIncludeStderr = false;
+
+ /** @var bool */
+ private $doLogStderr = false;
/** @var bool */
private $everExecuted = false;
/** @var string|false */
private $cgroup = false;
+ /**
+ * bitfield with restrictions
+ *
+ * @var int
+ */
+ protected $restrictions = 0;
+
/**
* Constructor. Don't call directly, instead use Shell::command()
*
/**
* Adds parameters to the command. All parameters are sanitized via Shell::escape().
+ * Null values are ignored.
*
* @param string|string[] $args,...
* @return $this
// treat it as a list of arguments
$args = reset( $args );
}
- $this->command .= ' ' . Shell::escape( $args );
+ $this->command = trim( $this->command . ' ' . Shell::escape( $args ) );
return $this;
}
/**
* Adds unsafe parameters to the command. These parameters are NOT sanitized in any way.
+ * Null values are ignored.
*
* @param string|string[] $args,...
* @return $this
// treat it as a list of arguments
$args = reset( $args );
}
- $this->command .= implode( ' ', $args );
+ $args = array_filter( $args,
+ function ( $value ) {
+ return $value !== null;
+ }
+ );
+ $this->command = trim( $this->command . ' ' . implode( ' ', $args ) );
return $this;
}
* @return $this
*/
public function includeStderr( $yesno = true ) {
- $this->useStderr = $yesno;
+ $this->doIncludeStderr = $yesno;
+
+ return $this;
+ }
+
+ /**
+ * When enabled, text sent to stderr will be logged with a level of 'error'.
+ *
+ * @param bool $yesno
+ * @return $this
+ */
+ public function logStderr( $yesno = true ) {
+ $this->doLogStderr = $yesno;
return $this;
}
return $this;
}
+ /**
+ * Set additional restrictions for this request
+ *
+ * @since 1.31
+ * @param int $restrictions
+ * @return $this
+ */
+ public function restrict( $restrictions ) {
+ $this->restrictions |= $restrictions;
+
+ return $this;
+ }
+
+ /**
+ * Bitfield helper on whether a specific restriction is enabled
+ *
+ * @param int $restriction
+ *
+ * @return bool
+ */
+ protected function hasRestriction( $restriction ) {
+ return ( $this->restrictions & $restriction ) === $restriction;
+ }
+
+ /**
+ * If called, only the files/directories that are
+ * whitelisted will be available to the shell command.
+ *
+ * limit.sh will always be whitelisted
+ *
+ * @param string[] $paths
+ *
+ * @return $this
+ */
+ public function whitelistPaths( array $paths ) {
+ // Default implementation is a no-op
+ return $this;
+ }
+
/**
* String together all the options and build the final command
* to execute
*
+ * @param string $command Already-escaped command to run
* @return array [ command, whether to use log pipe ]
*/
- protected function buildFinalCommand() {
+ protected function buildFinalCommand( $command ) {
$envcmd = '';
foreach ( $this->env as $k => $v ) {
if ( wfIsWindows() ) {
}
$useLogPipe = false;
- $cmd = $envcmd . trim( $this->command );
+ $cmd = $envcmd . trim( $command );
if ( is_executable( '/bin/bash' ) ) {
$time = intval( $this->limits['time'] );
$cmd = '/bin/bash ' . escapeshellarg( __DIR__ . '/limit.sh' ) . ' ' .
escapeshellarg( $cmd ) . ' ' .
escapeshellarg(
- "MW_INCLUDE_STDERR=" . ( $this->useStderr ? '1' : '' ) . ';' .
+ "MW_INCLUDE_STDERR=" . ( $this->doIncludeStderr ? '1' : '' ) . ';' .
"MW_CPU_LIMIT=$time; " .
'MW_CGROUP=' . escapeshellarg( $this->cgroup ) . '; ' .
"MW_MEM_LIMIT=$mem; " .
$useLogPipe = true;
}
}
- if ( !$useLogPipe && $this->useStderr ) {
+ if ( !$useLogPipe && $this->doIncludeStderr ) {
$cmd .= ' 2>&1';
}
$profileMethod = $this->method ?: wfGetCaller();
- list( $cmd, $useLogPipe ) = $this->buildFinalCommand();
+ list( $cmd, $useLogPipe ) = $this->buildFinalCommand( $this->command );
$this->logger->debug( __METHOD__ . ": $cmd" );
$this->logger->warning( "$logMsg: {command}", [ 'command' => $cmd ] );
}
+ if ( $errBuffer && $this->doLogStderr ) {
+ $this->logger->error( "Error running {command}: {error}", [
+ 'command' => $cmd,
+ 'error' => $errBuffer,
+ 'exitcode' => $retval,
+ 'exception' => new Exception( 'Shell error' ),
+ ] );
+ }
+
return new Result( $retval, $outBuffer, $errBuffer );
}
}
dépôts / lhc / web / wiklou.git / blobdiff