MediaWiki  REL1_31
Shell.php
Go to the documentation of this file.
1 <?php
23 namespace MediaWiki\Shell;
24 
25 use Hooks;
27 
44 class Shell {
45 
56  const RESTRICT_DEFAULT = 39;
57 
64  const NO_ROOT = 1;
65 
72  const SECCOMP = 2;
73 
79  const PRIVATE_DEV = 4;
80 
87  const NO_NETWORK = 8;
88 
95  const NO_EXECVE = 16;
96 
102  const NO_LOCALSETTINGS = 32;
103 
109  const RESTRICT_NONE = 0;
110 
119  public static function command( $command ) {
120  $args = func_get_args();
121  if ( count( $args ) === 1 && is_array( reset( $args ) ) ) {
122  // If only one argument has been passed, and that argument is an array,
123  // treat it as a list of arguments
124  $args = reset( $args );
125  }
127  ->getShellCommandFactory()
128  ->create();
129 
130  return $command->params( $args );
131  }
132 
138  public static function isDisabled() {
139  static $disabled = null;
140 
141  if ( is_null( $disabled ) ) {
142  if ( !function_exists( 'proc_open' ) ) {
143  wfDebug( "proc_open() is disabled\n" );
144  $disabled = true;
145  } else {
146  $disabled = false;
147  }
148  }
149 
150  return $disabled;
151  }
152 
164  public static function escape( /* ... */ ) {
165  $args = func_get_args();
166  if ( count( $args ) === 1 && is_array( reset( $args ) ) ) {
167  // If only one argument has been passed, and that argument is an array,
168  // treat it as a list of arguments
169  $args = reset( $args );
170  }
171 
172  $first = true;
173  $retVal = '';
174  foreach ( $args as $arg ) {
175  if ( $arg === null ) {
176  continue;
177  }
178  if ( !$first ) {
179  $retVal .= ' ';
180  } else {
181  $first = false;
182  }
183 
184  if ( wfIsWindows() ) {
185  // Escaping for an MSVC-style command line parser and CMD.EXE
186  // Refs:
187  // * https://web.archive.org/web/20020708081031/http://mailman.lyra.org/pipermail/scite-interest/2002-March/000436.html
188  // * https://technet.microsoft.com/en-us/library/cc723564.aspx
189  // * T15518
190  // * CR r63214
191  // Double the backslashes before any double quotes. Escape the double quotes.
192  $tokens = preg_split( '/(\\\\*")/', $arg, -1, PREG_SPLIT_DELIM_CAPTURE );
193  $arg = '';
194  $iteration = 0;
195  foreach ( $tokens as $token ) {
196  if ( $iteration % 2 == 1 ) {
197  // Delimiter, a double quote preceded by zero or more slashes
198  $arg .= str_replace( '\\', '\\\\', substr( $token, 0, -1 ) ) . '\\"';
199  } elseif ( $iteration % 4 == 2 ) {
200  // ^ in $token will be outside quotes, need to be escaped
201  $arg .= str_replace( '^', '^^', $token );
202  } else { // $iteration % 4 == 0
203  // ^ in $token will appear inside double quotes, so leave as is
204  $arg .= $token;
205  }
206  $iteration++;
207  }
208  // Double the backslashes before the end of the string, because
209  // we will soon add a quote
210  $m = [];
211  if ( preg_match( '/^(.*?)(\\\\+)$/', $arg, $m ) ) {
212  $arg = $m[1] . str_replace( '\\', '\\\\', $m[2] );
213  }
214 
215  // Add surrounding quotes
216  $retVal .= '"' . $arg . '"';
217  } else {
218  $retVal .= escapeshellarg( $arg );
219  }
220  }
221  return $retVal;
222  }
223 
236  public static function makeScriptCommand( $script, $parameters, $options = [] ) {
238  // Give site config file a chance to run the script in a wrapper.
239  // The caller may likely want to call wfBasename() on $script.
240  Hooks::run( 'wfShellWikiCmd', [ &$script, &$parameters, &$options ] );
241  $cmd = isset( $options['php'] ) ? [ $options['php'] ] : [ $wgPhpCli ];
242  if ( isset( $options['wrapper'] ) ) {
243  $cmd[] = $options['wrapper'];
244  }
245  $cmd[] = $script;
246 
247  return self::command( $cmd )
248  ->params( $parameters )
249  ->restrict( self::RESTRICT_DEFAULT & ~self::NO_LOCALSETTINGS );
250  }
251 }
MediaWiki\Shell\Shell\NO_EXECVE
const NO_EXECVE
Deny execve syscall with seccomp.
Definition: Shell.php:95
$wgPhpCli
$wgPhpCli
Executable path of the PHP cli binary.
Definition: DefaultSettings.php:8301
MediaWiki\Shell\Shell
Executes shell commands.
Definition: Shell.php:44
use
Apache License January AND DISTRIBUTION Definitions License shall mean the terms and conditions for use
Definition: APACHE-LICENSE-2.0.txt:10
MediaWiki\Shell\Shell\SECCOMP
const SECCOMP
Use seccomp to block dangerous syscalls.
Definition: Shell.php:72
php
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition: injection.txt:37
global
when a variable name is used in a it is silently declared as a new masking the global
Definition: design.txt:95
MediaWiki\Shell\Shell\isDisabled
static isDisabled()
Check if this class is effectively disabled via php.ini config.
Definition: Shell.php:138
wfDebug
wfDebug( $text, $dest='all', array $context=[])
Sends a line to the debug log if enabled or, optionally, to a comment in output.
Definition: GlobalFunctions.php:994
MediaWiki\Shell\Shell\NO_ROOT
const NO_ROOT
Disallow any root access.
Definition: Shell.php:64
$options
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped & $options
Definition: hooks.txt:2001
$command
$command
Definition: cdb.php:65
MediaWiki\MediaWikiServices\getInstance
static getInstance()
Returns the global default instance of the top level service locator.
Definition: MediaWikiServices.php:109
MediaWiki\Shell\Shell\RESTRICT_DEFAULT
const RESTRICT_DEFAULT
Apply a default set of restrictions for improved security out of the box.
Definition: Shell.php:56
wfIsWindows
wfIsWindows()
Check if the operating system is Windows.
Definition: GlobalFunctions.php:2019
$tokens
$tokens
Definition: mwdoc-filter.php:47
MediaWiki\Shell\Shell\escape
static escape()
Version of escapeshellarg() that works better on Windows.
Definition: Shell.php:164
$args
if( $line===false) $args
Definition: cdb.php:64
MediaWiki\Shell
Copyright (C) 2017 Kunal Mehta legoktm@member.fsf.org
Definition: Command.php:21
as
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such as
Definition: distributors.txt:22
MediaWiki\Shell\Shell\PRIVATE_DEV
const PRIVATE_DEV
Create a private /dev.
Definition: Shell.php:79
MediaWiki\Shell\Shell\NO_NETWORK
const NO_NETWORK
Restrict the request to have no network access.
Definition: Shell.php:87
MediaWikiServices
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency MediaWikiServices
Definition: injection.txt:25
MediaWiki\Shell\Shell\RESTRICT_NONE
const RESTRICT_NONE
Don't apply any restrictions.
Definition: Shell.php:109
Hooks\run
static run( $event, array $args=[], $deprecatedVersion=null)
Call hook functions defined in Hooks::register and $wgHooks.
Definition: Hooks.php:203
MediaWiki\Shell\Shell\NO_LOCALSETTINGS
const NO_LOCALSETTINGS
Deny access to LocalSettings.php (MW_CONFIG_FILE)
Definition: Shell.php:102
Hooks
Hooks class.
Definition: Hooks.php:34
MediaWiki\Shell\Shell\makeScriptCommand
static makeScriptCommand( $script, $parameters, $options=[])
Generate a Command object to run a MediaWiki CLI script.
Definition: Shell.php:236
MediaWiki\Shell\Shell\command
static command( $command)
Returns a new instance of Command class.
Definition: Shell.php:119