X-Git-Url: https://git.cyclocoop.org/%7B%24admin_url%7Dmembres/modifier.php?a=blobdiff_plain;f=includes%2Fshell%2FShell.php;h=d57bf4fcdcc27ef07e6629eda7681239e84d9d03;hb=0e211c4f29d2f52a0962db69c026e4e76482cf3f;hp=084e10e793527bfe7ef326f0918ab18cb6207222;hpb=fc5dced1ce8151b0354e0efda28a7542713f9cbe;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/shell/Shell.php b/includes/shell/Shell.php
index 084e10e793..d57bf4fcdc 100644
--- a/includes/shell/Shell.php
+++ b/includes/shell/Shell.php
@@ -31,6 +31,7 @@ use MediaWiki\MediaWikiServices;
  *
  * Use call chaining with this class for expressiveness:
  *  $result = Shell::command( 'some command' )
+ *       ->input( 'foo' )
  *       ->environment( [ 'ENVIRONMENT_VARIABLE' => 'VALUE' ] )
  *       ->limits( [ 'time' => 300 ] )
  *       ->execute();
@@ -45,13 +46,13 @@ class Shell {
 	 * Apply a default set of restrictions for improved
 	 * security out of the box.
 	 *
-	 * Equal to NO_ROOT | SECCOMP | PRIVATE_DEV
+	 * Equal to NO_ROOT | SECCOMP | PRIVATE_DEV | NO_LOCALSETTINGS
 	 *
 	 * @note This value will change over time to provide increased security
 	 *       by default, and is not guaranteed to be backwards-compatible.
 	 * @since 1.31
 	 */
-	const RESTRICT_DEFAULT = 7;
+	const RESTRICT_DEFAULT = 39;
 
 	/**
 	 * Disallow any root access. Any setuid binaries
@@ -92,6 +93,13 @@ class Shell {
 	 */
 	const NO_EXECVE = 16;
 
+	/**
+	 * Deny access to LocalSettings.php (MW_CONFIG_FILE)
+	 *
+	 * @since 1.31
+	 */
+	const NO_LOCALSETTINGS = 32;
+
 	/**
 	 * Returns a new instance of Command class
 	 *