MediaWiki  master
Shell.php
1 <?php
23 namespace MediaWiki\Shell;
24 
25 use Hooks;
27 use Shellbox\Shellbox;
28 
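/**
 * Executes shell commands.
 *
 * Static entry point for building Command objects and for the restriction
 * bit flags that can be passed to Command::restrict(). This class only
 * defines the flags; whatever enforces them lives behind Command and the
 * shell command factory, neither of which is shown in this file.
 */
class Shell {

	/**
	 * Disallow any root access.
	 */
	public const NO_ROOT = 1;

	/**
	 * Use seccomp to block dangerous syscalls.
	 */
	public const SECCOMP = 2;

	/**
	 * Create a private /dev.
	 */
	public const PRIVATE_DEV = 4;

	/**
	 * Restrict the request to have no network access.
	 *
	 * Not part of RESTRICT_DEFAULT; callers must OR it in explicitly when the
	 * command has no reason to reach the network.
	 */
	public const NO_NETWORK = 8;

	/**
	 * Deny execve syscall with seccomp.
	 *
	 * Not part of RESTRICT_DEFAULT; callers must OR it in explicitly when the
	 * command has no reason to start further programs.
	 */
	public const NO_EXECVE = 16;

	/**
	 * Deny access to LocalSettings.php (MW_CONFIG_FILE).
	 */
	public const NO_LOCALSETTINGS = 32;

	/**
	 * Apply a default set of restrictions for improved security out of the box.
	 *
	 * NOTE(review): the rendered listing truncates this expression after the
	 * trailing `|`. NO_LOCALSETTINGS is restored as the final operand because
	 * makeScriptCommand() masks exactly that bit out of RESTRICT_DEFAULT;
	 * confirm against the upstream file.
	 */
	public const RESTRICT_DEFAULT = self::NO_ROOT | self::SECCOMP | self::PRIVATE_DEV |
		self::NO_LOCALSETTINGS;

	/**
	 * Don't apply any restrictions.
	 *
	 * Every flag above is cleared, so this is only appropriate when both the
	 * executable and all of its arguments are fully trusted.
	 */
	public const RESTRICT_NONE = 0;

	/**
	 * Returns a new instance of Command class.
	 *
	 * Accepts either a variadic list of arguments or a single array holding
	 * them. Callers should check isDisabled() first.
	 *
	 * Pass each argument as its own element rather than as one pre-joined
	 * command line. Presumably Command::params() escapes elements
	 * individually (Command is not shown here); confirm before relying on it
	 * for untrusted values.
	 *
	 * @param string|string[] ...$commands Command name and arguments
	 * @return Command
	 */
	public static function command( ...$commands ): Command {
		if ( count( $commands ) === 1 && is_array( reset( $commands ) ) ) {
			// If only one argument has been passed, and that argument is an array,
			// treat it as a list of arguments
			$commands = reset( $commands );
		}

		// NOTE(review): the rendered listing drops the line that starts this
		// call chain. The page's symbol index lists
		// MediaWikiServices::getInstance() as referenced from this file, so it
		// is restored here (fully qualified, since the matching `use` line is
		// also absent from the listing); confirm against the upstream file.
		$command = \MediaWiki\MediaWikiServices::getInstance()
			->getShellCommandFactory()
			->create();

		return $command->params( $commands );
	}

	/**
	 * Check if this class is effectively disabled via php.ini config.
	 *
	 * The only condition tested is whether proc_open() exists. The answer is
	 * cached in a function-static variable, so the check and the debug log
	 * line happen at most once per process.
	 *
	 * @return bool True when shell execution is unavailable
	 */
	public static function isDisabled(): bool {
		static $disabled = null;

		if ( $disabled === null ) {
			$disabled = !function_exists( 'proc_open' );
			if ( $disabled ) {
				wfDebug( "proc_open() is disabled" );
			}
		}

		return $disabled;
	}

	/**
	 * Locale-independent version of escapeshellarg().
	 *
	 * Thin wrapper that forwards all arguments to Shellbox::escape(). The
	 * result is meant for the shell-argument context only; it is not a
	 * substitute for validating what the argument means to the target program
	 * (for example a value that starts with `-` is still parsed as an option).
	 *
	 * @param string|string[] ...$args Strings to escape
	 * @return string
	 */
	public static function escape( ...$args ): string {
		return Shellbox::escape( ...$args );
	}

	/**
	 * Generate a Command object to run a MediaWiki CLI script.
	 *
	 * The resulting argv is: PHP binary, optional wrapper, script path, then
	 * $parameters. $options['php'] and $options['wrapper'] are placed at the
	 * front of the command line, so they must come from trusted configuration
	 * and never from request data.
	 *
	 * The command runs with RESTRICT_DEFAULT minus NO_LOCALSETTINGS, i.e. the
	 * child keeps access to the site configuration file. Presumably that is
	 * because the script has to load it; either way, only launch scripts that
	 * are trusted with that file.
	 *
	 * @param string $script MediaWiki CLI script with full path
	 * @param string[] $parameters Arguments and options to the script
	 * @param array $options Associative array of options:
	 *   'php': the path to the PHP binary to use instead of $wgPhpCli
	 *   'wrapper': path to a script placed between the PHP binary and $script
	 * @return Command
	 */
	public static function makeScriptCommand(
		string $script, array $parameters, $options = []
	): Command {
		global $wgPhpCli;
		// Give site config file a chance to run the script in a wrapper.
		// The caller may likely want to call wfBasename() on $script.
		// NOTE(review): all three values are read again after this call, so
		// the hook presumably receives them by reference and may rewrite them;
		// hook handlers are therefore part of the trust boundary here.
		Hooks::runner()->onWfShellWikiCmd( $script, $parameters, $options );

		$cmd = [ $options['php'] ?? $wgPhpCli ];
		if ( isset( $options['wrapper'] ) ) {
			$cmd[] = $options['wrapper'];
		}
		$cmd[] = $script;

		// Clear only the NO_LOCALSETTINGS bit; every other default restriction stays on.
		return self::command( $cmd )
			->params( $parameters )
			->restrict( self::RESTRICT_DEFAULT & ~self::NO_LOCALSETTINGS );
	}
}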
MediaWiki\Shell\Shell\NO_EXECVE
const NO_EXECVE
Deny execve syscall with seccomp.
Definition: Shell.php:84
$wgPhpCli
$wgPhpCli
Executable path of the PHP cli binary.
Definition: DefaultSettings.php:9536
MediaWiki\Shell\Shell
Executes shell commands.
Definition: Shell.php:45
MediaWiki\MediaWikiServices
MediaWikiServices is the service locator for the application scope of MediaWiki.
Definition: MediaWikiServices.php:193
MediaWiki\Shell\Command
Class used for executing shell commands.
Definition: Command.php:39
MediaWiki\Shell\Shell\SECCOMP
const SECCOMP
Use seccomp to block dangerous syscalls.
Definition: Shell.php:61
MediaWiki\Shell\Shell\command
static command(... $commands)
Returns a new instance of Command class.
Definition: Shell.php:120
MediaWiki\MediaWikiServices\getInstance
static getInstance()
Returns the global default instance of the top level service locator.
Definition: MediaWikiServices.php:254
$args
if( $line===false) $args
Definition: mcc.php:124
MediaWiki\Shell\Shell\isDisabled
static isDisabled()
Check if this class is effectively disabled via php.ini config.
Definition: Shell.php:138
wfDebug
wfDebug( $text, $dest='all', array $context=[])
Sends a line to the debug log if enabled or, optionally, to a comment in output.
Definition: GlobalFunctions.php:894
MediaWiki\Shell\Shell\NO_ROOT
const NO_ROOT
Disallow any root access.
Definition: Shell.php:53
MediaWiki\Shell\Shell\RESTRICT_DEFAULT
const RESTRICT_DEFAULT
Apply a default set of restrictions for improved security out of the box.
Definition: Shell.php:101
Hooks\runner
static runner()
Get a HookRunner instance for calling hooks using the new interfaces.
Definition: Hooks.php:173
MediaWiki\Shell\Shell\escape
static escape(... $args)
Locale-independent version of escapeshellarg()
Definition: Shell.php:165
$command
$command
Definition: mcc.php:125
MediaWiki\Shell
Definition: Command.php:21
MediaWiki\Shell\Shell\PRIVATE_DEV
const PRIVATE_DEV
Create a private /dev.
Definition: Shell.php:68
MediaWiki\Shell\Shell\NO_NETWORK
const NO_NETWORK
Restrict the request to have no network access.
Definition: Shell.php:76
MediaWiki\Shell\Shell\makeScriptCommand
static makeScriptCommand(string $script, array $parameters, $options=[])
Generate a Command object to run a MediaWiki CLI script.
Definition: Shell.php:183
MediaWiki\Shell\Shell\RESTRICT_NONE
const RESTRICT_NONE
Don't apply any restrictions.
Definition: Shell.php:109
MediaWiki\Shell\Shell\NO_LOCALSETTINGS
const NO_LOCALSETTINGS
Deny access to LocalSettings.php (MW_CONFIG_FILE)
Definition: Shell.php:91
Hooks
Hooks class.
Definition: Hooks.php:38