MediaWiki  master
MediaWiki\Shell\Shell Class Reference

Executes shell commands. More...

Static Public Member Functions

static command (... $commands)
 Returns a new instance of Command class. More...
 
static escape (... $args)
 Version of escapeshellarg() that works better on Windows. More...
 
static isDisabled ()
 Check if this class is effectively disabled via php.ini config. More...
 
static makeScriptCommand (string $script, array $parameters, $options=[])
 Generate a Command object to run a MediaWiki CLI script. More...
 

Public Attributes

const NO_EXECVE = 16
 Deny execve syscall with seccomp. More...
 
const NO_LOCALSETTINGS = 32
 Deny access to LocalSettings.php (MW_CONFIG_FILE) More...
 
const NO_NETWORK = 8
 Restrict the request to have no network access. More...
 
const NO_ROOT = 1
 Disallow any root access. More...
 
const PRIVATE_DEV = 4
 Create a private /dev. More...
 
const RESTRICT_DEFAULT
 Apply a default set of restrictions for improved security out of the box. More...
 
const RESTRICT_NONE = 0
 Don't apply any restrictions. More...
 
const SECCOMP = 2
 Use seccomp to block dangerous syscalls. More...
 

Detailed Description

Executes shell commands.

Since
1.30

Use call chaining with this class for expressiveness: $result = Shell::command( 'some command' ) ->input( 'foo' ) ->environment( [ 'ENVIRONMENT_VARIABLE' => 'VALUE' ] ) ->limits( [ 'time' => 300 ] ) ->execute();

... = $result->getExitCode(); ... = $result->getStdout(); ... = $result->getStderr();

Definition at line 44 of file Shell.php.

Member Function Documentation

◆ command()

static MediaWiki\Shell\Shell::command (   $commands)
static

Returns a new instance of Command class.

Note
You should check Shell::isDisabled() before calling this
Parameters
string|string[]...$commands String or array of strings representing the command to be executed, each value will be escaped. Example: [ 'convert', '-font', 'font name' ] would produce "'convert' '-font' 'font name'"
Returns
Command

Definition at line 119 of file Shell.php.

References $command, and MediaWiki\MediaWikiServices\getInstance().

Referenced by MediaWiki\Shell\Shell\makeScriptCommand().

◆ escape()

static MediaWiki\Shell\Shell::escape (   $args)
static

Version of escapeshellarg() that works better on Windows.

Originally, this fixed the incorrect use of single quotes on Windows (https://bugs.php.net/bug.php?id=26285) and the locale problems on Linux in PHP 5.2.6+ (bug backported to earlier distro releases of PHP).

Parameters
string|string[]...$args strings to escape and glue together, or a single array of strings parameter. Null values are ignored.
Returns
string

Definition at line 163 of file Shell.php.

References $args, and wfIsWindows().

Referenced by MediaWiki\Shell\Command\params().

◆ isDisabled()

static MediaWiki\Shell\Shell::isDisabled ( )
static

Check if this class is effectively disabled via php.ini config.

Returns
bool

Definition at line 137 of file Shell.php.

References wfDebug().

Referenced by MediaWiki\Shell\Command\__construct().

◆ makeScriptCommand()

static MediaWiki\Shell\Shell::makeScriptCommand ( string  $script,
array  $parameters,
  $options = [] 
)
static

Generate a Command object to run a MediaWiki CLI script.

Note that $parameters should be a flat array and an option with an argument should consist of two consecutive items in the array (do not use "--option value").

Note
You should check Shell::isDisabled() before calling this
Parameters
string$scriptMediaWiki CLI script with full path
string[]$parametersArguments and options to the script
array$optionsAssociative array of options: 'php': The path to the php executable 'wrapper': Path to a PHP wrapper to handle the maintenance script -param array{php?:string,wrapper?:string} $options
Returns
Command

Definition at line 236 of file Shell.php.

References $wgPhpCli, MediaWiki\Shell\Shell\command(), and Hooks\runner().

Member Data Documentation

◆ NO_EXECVE

const MediaWiki\Shell\Shell::NO_EXECVE = 16

Deny execve syscall with seccomp.

See also
https://en.wikipedia.org/wiki/exec_(system_call)
Since
1.31

Definition at line 83 of file Shell.php.

Referenced by MediaWiki\Shell\FirejailCommand\buildFinalCommand().

◆ NO_LOCALSETTINGS

const MediaWiki\Shell\Shell::NO_LOCALSETTINGS = 32

Deny access to LocalSettings.php (MW_CONFIG_FILE)

Since
1.31

Definition at line 90 of file Shell.php.

Referenced by MediaWiki\Shell\FirejailCommand\buildFinalCommand().

◆ NO_NETWORK

const MediaWiki\Shell\Shell::NO_NETWORK = 8

Restrict the request to have no network access.

Since
1.31

Definition at line 75 of file Shell.php.

Referenced by MediaWiki\Shell\FirejailCommand\buildFinalCommand().

◆ NO_ROOT

const MediaWiki\Shell\Shell::NO_ROOT = 1

Disallow any root access.

Any setuid binaries will be run without elevated access.

Since
1.31

Definition at line 52 of file Shell.php.

Referenced by MediaWiki\Shell\FirejailCommand\buildFinalCommand().

◆ PRIVATE_DEV

const MediaWiki\Shell\Shell::PRIVATE_DEV = 4

Create a private /dev.

Since
1.31

Definition at line 67 of file Shell.php.

Referenced by MediaWiki\Shell\FirejailCommand\buildFinalCommand().

◆ RESTRICT_DEFAULT

const MediaWiki\Shell\Shell::RESTRICT_DEFAULT
Initial value:
= self::NO_ROOT | self::SECCOMP | self::PRIVATE_DEV |
self::NO_LOCALSETTINGS

Apply a default set of restrictions for improved security out of the box.

Note
This value will change over time to provide increased security by default, and is not guaranteed to be backwards-compatible.
Since
1.31

Definition at line 100 of file Shell.php.

Referenced by MediaWiki\Shell\CommandFactory\create().

◆ RESTRICT_NONE

const MediaWiki\Shell\Shell::RESTRICT_NONE = 0

Don't apply any restrictions.

Since
1.31

Definition at line 108 of file Shell.php.

◆ SECCOMP

const MediaWiki\Shell\Shell::SECCOMP = 2

Use seccomp to block dangerous syscalls.

See also
https://en.wikipedia.org/wiki/seccomp
Since
1.31

Definition at line 60 of file Shell.php.

Referenced by MediaWiki\Shell\FirejailCommand\buildFinalCommand().


The documentation for this class was generated from the following file: