MediaWiki master
Static Public Member Functions | Public Attributes | List of all members
MediaWiki\Shell\Shell Class Reference

Executes shell commands. More...

Static Public Member Functions

static command (... $commands)
 Returns a new instance of Command class.
 
static escape (... $args)
 Locale-independent version of escapeshellarg()
 
static isDisabled ()
 Check if this class is effectively disabled via php.ini config.
 
static makeScriptCommand (string $script, array $parameters, array $options=[])
 Generate a Command object to run a MediaWiki maintenance script.
 

Public Attributes

const NO_EXECVE = 16
 Deny execve syscall with seccomp.
 
const NO_LOCALSETTINGS = 32
 Deny access to LocalSettings.php (MW_CONFIG_FILE)
 
const NO_NETWORK = 8
 Restrict the request to have no network access.
 
const NO_ROOT = 1
 Disallow any root access.
 
const PRIVATE_DEV = 4
 Create a private /dev.
 
const RESTRICT_DEFAULT
 Apply a default set of restrictions for improved security out of the box.
 
const RESTRICT_NONE = 0
 Don't apply any restrictions.
 
const SECCOMP = 2
 Use seccomp to block dangerous syscalls.
 

Detailed Description

Executes shell commands.

Since
1.30

Use call chaining with this class for expressiveness: $result = Shell::command( 'some command' ) ->input( 'foo' ) ->environment( [ 'ENVIRONMENT_VARIABLE' => 'VALUE' ] ) ->limits( [ 'time' => 300 ] ) ->execute();

... = $result->getExitCode(); ... = $result->getStdout(); ... = $result->getStderr();

Definition at line 46 of file Shell.php.

Member Function Documentation

◆ command()

static MediaWiki\Shell\Shell::command ( $commands)
static

Returns a new instance of Command class.

Note
You should check Shell::isDisabled() before calling this
Parameters
string|string[]...$commands String or array of strings representing the command to be executed, each value will be escaped. Example: [ 'convert', '-font', 'font name' ] would produce "'convert' '-font' 'font name'"
Returns
Command

Definition at line 121 of file Shell.php.

◆ escape()

static MediaWiki\Shell\Shell::escape ( $args)
static

Locale-independent version of escapeshellarg()

Originally, this fixed the incorrect use of single quotes on Windows (https://bugs.php.net/bug.php?id=26285) and the locale problems on Linux in PHP 5.2.6+ (https://bugs.php.net/bug.php?id=54391). The second bug is still open as of 2021.

Parameters
string|string[]...$args strings to escape and glue together, or a single array of strings parameter. Null values are ignored.
Returns
string

Definition at line 166 of file Shell.php.

◆ isDisabled()

static MediaWiki\Shell\Shell::isDisabled ( )
static

Check if this class is effectively disabled via php.ini config.

Returns
bool

Definition at line 139 of file Shell.php.

References wfDebug().

Referenced by MediaWiki\Shell\Command\__construct().

◆ makeScriptCommand()

static MediaWiki\Shell\Shell::makeScriptCommand ( string $script,
array $parameters,
array $options = [] )
static

Generate a Command object to run a MediaWiki maintenance script.

Note that $parameters should be a flat array and an option with an argument should consist of two consecutive items in the array (do not use "--option value").

Note
You should check Shell::isDisabled() before calling this
Parameters
string$scriptMediaWiki CLI script in a form accepted by run.php, e.g. an absolute path, a class name, or the plain name of a script in the maintenance directory.
string[]$parametersArguments and options to the script
array$optionsAssociative array of options: 'php': The path to the php executable 'wrapper': Path to a wrapper to run the maintenance script
Returns
Command

Definition at line 186 of file Shell.php.

Member Data Documentation

◆ NO_EXECVE

const MediaWiki\Shell\Shell::NO_EXECVE = 16

Deny execve syscall with seccomp.

See also
https://en.wikipedia.org/wiki/exec_(system_call)
Since
1.31

Definition at line 85 of file Shell.php.

◆ NO_LOCALSETTINGS

const MediaWiki\Shell\Shell::NO_LOCALSETTINGS = 32

Deny access to LocalSettings.php (MW_CONFIG_FILE)

Since
1.31

Definition at line 92 of file Shell.php.

◆ NO_NETWORK

const MediaWiki\Shell\Shell::NO_NETWORK = 8

Restrict the request to have no network access.

Since
1.31

Definition at line 77 of file Shell.php.

◆ NO_ROOT

const MediaWiki\Shell\Shell::NO_ROOT = 1

Disallow any root access.

Any setuid binaries will be run without elevated access.

Since
1.31

Definition at line 54 of file Shell.php.

◆ PRIVATE_DEV

const MediaWiki\Shell\Shell::PRIVATE_DEV = 4

Create a private /dev.

Since
1.31

Definition at line 69 of file Shell.php.

◆ RESTRICT_DEFAULT

const MediaWiki\Shell\Shell::RESTRICT_DEFAULT
Initial value:
= self::NO_ROOT | self::SECCOMP | self::PRIVATE_DEV |
self::NO_LOCALSETTINGS

Apply a default set of restrictions for improved security out of the box.

Note
This value will change over time to provide increased security by default, and is not guaranteed to be backwards-compatible.
Since
1.31

Definition at line 102 of file Shell.php.

◆ RESTRICT_NONE

const MediaWiki\Shell\Shell::RESTRICT_NONE = 0

Don't apply any restrictions.

Since
1.31

Definition at line 110 of file Shell.php.

◆ SECCOMP

const MediaWiki\Shell\Shell::SECCOMP = 2

Use seccomp to block dangerous syscalls.

See also
https://en.wikipedia.org/wiki/seccomp
Since
1.31

Definition at line 62 of file Shell.php.

The documentation for this class was generated from the following file: