use LoggerAwareTrait;
/** @var string */
- private $command = '';
+ protected $command = '';
/** @var array */
private $limits = [
/** @var string|false */
private $cgroup = false;
+ /**
+ * bitfield with restrictions
+ *
+ * @var int
+ */
+ protected $restrictions = 0;
+
/**
* Constructor. Don't call directly, instead use Shell::command()
*
/**
* Adds parameters to the command. All parameters are sanitized via Shell::escape().
+ * Null values are ignored.
*
* @param string|string[] $args,...
* @return $this
// treat it as a list of arguments
$args = reset( $args );
}
- $this->command .= ' ' . Shell::escape( $args );
+ $this->command = trim( $this->command . ' ' . Shell::escape( $args ) );
return $this;
}
/**
* Adds unsafe parameters to the command. These parameters are NOT sanitized in any way.
+ * Null values are ignored.
*
* @param string|string[] $args,...
* @return $this
// treat it as a list of arguments
$args = reset( $args );
}
- $this->command .= implode( ' ', $args );
+ $args = array_filter( $args,
+ function ( $value ) {
+ return $value !== null;
+ }
+ );
+ $this->command = trim( $this->command . ' ' . implode( ' ', $args ) );
return $this;
}
return $this;
}
+ /**
+ * Set additional restrictions for this request
+ *
+ * @since 1.31
+ * @param int $restrictions
+ * @return $this
+ */
+ public function restrict( $restrictions ) {
+ $this->restrictions |= $restrictions;
+
+ return $this;
+ }
+
+ /**
+ * Bitfield helper on whether a specific restriction is enabled
+ *
+ * @param int $restriction
+ *
+ * @return bool
+ */
+ protected function hasRestriction( $restriction ) {
+ return ( $this->restrictions & $restriction ) === $restriction;
+ }
+
+ /**
+ * If called, only the files/directories that are
+ * whitelisted will be available to the shell command.
+ *
+ * limit.sh will always be whitelisted
+ *
+ * @param string[] $paths
+ *
+ * @return $this
+ */
+ public function whitelistPaths( array $paths ) {
+ // Default implementation is a no-op
+ return $this;
+ }
+
/**
* String together all the options and build the final command
* to execute
*
+ * @param string $command Already-escaped command to run
* @return array [ command, whether to use log pipe ]
*/
- protected function buildFinalCommand() {
+ protected function buildFinalCommand( $command ) {
$envcmd = '';
foreach ( $this->env as $k => $v ) {
if ( wfIsWindows() ) {
}
$useLogPipe = false;
- $cmd = $envcmd . trim( $this->command );
+ $cmd = $envcmd . trim( $command );
if ( is_executable( '/bin/bash' ) ) {
$time = intval( $this->limits['time'] );
$profileMethod = $this->method ?: wfGetCaller();
- list( $cmd, $useLogPipe ) = $this->buildFinalCommand();
+ list( $cmd, $useLogPipe ) = $this->buildFinalCommand( $this->command );
$this->logger->debug( __METHOD__ . ": $cmd" );
dépôts / lhc / web / wiklou.git / blobdiff