X-Git-Url: https://git.cyclocoop.org/%7B%24admin_url%7Dmembres/modifier.php?a=blobdiff_plain;f=includes%2Fshell%2FShell.php;h=d57bf4fcdcc27ef07e6629eda7681239e84d9d03;hb=0e211c4f29d2f52a0962db69c026e4e76482cf3f;hp=6e4fd02a13b9960722c0ff0a2f3ede9d997a228b;hpb=d0a8e6b9b30272ec216a8a2ceda3b7fc60db1e7a;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/shell/Shell.php b/includes/shell/Shell.php index 6e4fd02a13..d57bf4fcdc 100644 --- a/includes/shell/Shell.php +++ b/includes/shell/Shell.php @@ -31,6 +31,7 @@ use MediaWiki\MediaWikiServices; * * Use call chaining with this class for expressiveness: * $result = Shell::command( 'some command' ) + * ->input( 'foo' ) * ->environment( [ 'ENVIRONMENT_VARIABLE' => 'VALUE' ] ) * ->limits( [ 'time' => 300 ] ) * ->execute(); @@ -45,13 +46,13 @@ class Shell { * Apply a default set of restrictions for improved * security out of the box. * - * Equal to NO_ROOT | SECCOMP | PRIVATE_DEV + * Equal to NO_ROOT | SECCOMP | PRIVATE_DEV | NO_LOCALSETTINGS * * @note This value will change over time to provide increased security * by default, and is not guaranteed to be backwards-compatible. * @since 1.31 */ - const RESTRICT_DEFAULT = 7; + const RESTRICT_DEFAULT = 39; /** * Disallow any root access. Any setuid binaries @@ -92,6 +93,13 @@ class Shell { */ const NO_EXECVE = 16; + /** + * Deny access to LocalSettings.php (MW_CONFIG_FILE) + * + * @since 1.31 + */ + const NO_LOCALSETTINGS = 32; + /** * Returns a new instance of Command class * @@ -142,7 +150,7 @@ class Shell { * PHP 5.2.6+ (bug backported to earlier distro releases of PHP). * * @param string $args,... strings to escape and glue together, or a single array of - * strings parameter + * strings parameter. Null values are ignored. * @return string */ public static function escape( /* ... */ ) { @@ -156,6 +164,9 @@ class Shell { $first = true; $retVal = ''; foreach ( $args as $arg ) { + if ( $arg === null ) { + continue; + } if ( !$first ) { $retVal .= ' '; } else {