-
Amin Vakil authored
Remove symlink from disable_functions

archwiki/includes/media/SvgHandler.php:281: $ok = symlink( $srcPath, $lnPath );

Remove shell_exec from disable_functions

archwiki/vendor/wikimedia/shellbox/src/Command/UnboxedExecutor.php:173: * short of shell_exec('env'), but it's usually near-empty anyway. We add
archwiki/maintenance/updateCredits.php:62:$lines = explode( "\n", shell_exec( 'git log --format="%aN"' ) );
archwiki/maintenance/mwdocgen.php:139: $this->doDot = shell_exec( 'which dot' );
archwiki/extensions/Scribunto/includes/engines/LuaStandalone/LuaStandaloneEngine.php:85: self::$clockTick = intval( shell_exec( 'getconf CLK_TCK' ) );

Remove popen from disable_functions

flyspray/plugins/dokuwiki/inc/io.php:516: $fh = popen($cmd, "r");
archwiki/vendor/wikimedia/parsoid/bin/parse.php:409: $pipe = popen( "$fgPath > $fgOutDir/profile.svg", "w" );
archwiki/vendor/pear/pear-core-minimal/src/OS/Guess.php:254: $cpp = popen("/usr/bin/cpp $tmpfile", "r");
archwiki/maintenance/populateImageSha1.php:117: $pipe = popen( $cmd, 'w' );
archwiki/maintenance/includes/SevenZipStream.php:68: $this->stream = popen( $command, $mode[0] );
archwiki/includes/libs/filebackend/FSFileBackend.php:781: $pipes[$index] = popen( $fileOpHandle->cmd, 'r' );
archwiki/includes/GlobalFunctions.php:2202: $handle = popen( $cmd, 'r' );
archwiki/includes/GlobalFunctions.php:2219: $handle = popen( $cmd, 'r' );
archwiki/includes/GlobalFunctions.php:2284: $h = popen( $cmd, 'r' );
archwiki/includes/GlobalFunctions.php:2288: throw new Exception( __FUNCTION__ . '(): popen() failed' );
archwiki/extensions/Scribunto/includes/engines/LuaStandalone/LuaStandaloneInterpreter.php:196: $handle = popen( $cmd, 'r' );

Remove pclose from disable_functions

flyspray/plugins/dokuwiki/inc/io.php:522: pclose($fh);
archwiki/vendor/pear/pear-core-minimal/src/OS/Guess.php:264: pclose($cpp);
archwiki/vendor/pear/mail/Mail/sendmail.php:184: $result = pclose($mail);

Remove proc_open from disable_functions

aurweb/web/lib/pkgbasefuncs.inc.php:101: $p = proc_open($cmd, $descspec, $pipes);
aurweb/web/lib/acctfuncs.inc.php:1334: $p = proc_open($cmd, $descspec, $pipes);
archwiki/vendor/wikimedia/shellbox/src/Command/UnboxedExecutor.php:223: $proc = proc_open( $cmd, $desc, $pipes,
archwiki/vendor/wikimedia/parsoid/tools/regression-testing.php:86: $process = proc_open(
archwiki/vendor/monolog/monolog/src/Monolog/Handler/ProcessHandler.php:118: $this->process = proc_open($this->command, static::DESCRIPTOR_SPEC, $this->pipes, $this->cwd);
archwiki/tests/parser/editTests.php:293: $proc = proc_open( '/usr/bin/dwdiff -Pc --diff-input',
archwiki/maintenance/storage/recompressTracked.php:253: $proc = proc_open( "$cmd --child-id $i", $spec, $pipes );
archwiki/maintenance/mysql.php:169: $proc = proc_open( Shell::escape( $args ), $desc, $pipes );
archwiki/maintenance/includes/TextPassDumper.php:793: $this->spawnProc = proc_open( $cmd, $spec, $pipes );
archwiki/includes/resourceloader/ResourceLoaderImage.php:429: $process = proc_open(
archwiki/includes/export/DumpPipeOutput.php:74: $this->procOpenResource = proc_open( $command, $spec, $pipes );
archwiki/includes/exception/ShellDisabledError.php:35: parent::__construct( 'Unable to run external programs, proc_open() is disabled' );
archwiki/includes/GlobalFunctions.php:2076: return 'Unable to run external programs, proc_open() is disabled.';
archwiki/extensions/Scribunto/includes/engines/LuaStandalone/LuaStandaloneInterpreter.php:147: $this->proc = proc_open(

Remove proc_get_status from disable_functions

archwiki/vendor/wikimedia/shellbox/src/Command/UnboxedExecutor.php:270: $status = proc_get_status( $proc );
archwiki/vendor/wikimedia/shellbox/src/Command/UnboxedExecutor.php:358: $status = proc_get_status( $proc );
archwiki/extensions/Scribunto/includes/engines/LuaStandalone/LuaStandaloneInterpreter.php:626: $status = proc_get_status( $this->proc );

Remove escapeshellarg from disable_functions

flyspray/includes/class.flyspray.php:1477: $type = @exec(sprintf('file -bi %s', escapeshellarg($fname)));
aurweb/web/lib/acctfuncs.inc.php:1247: $cmd = "/usr/bin/ssh-keygen -l -f " . escapeshellarg($tmpfile);
aurweb/web/lib/acctfuncs.inc.php:1326: $cmd .= ' ' . escapeshellarg($param);
archwiki/vendor/wikimedia/shellbox/src/Shellbox.php:148: $retVal .= escapeshellarg( $arg );
archwiki/vendor/wikimedia/shellbox/src/Command/BashWrapper.php:32: $cmd = '/bin/bash ' . escapeshellarg( __DIR__ . '/limit.sh' ) . ' ' .
archwiki/vendor/wikimedia/shellbox/src/Command/BashWrapper.php:37: 'SB_CGROUP=' . escapeshellarg( $this->cgroup ) . '; ' .
archwiki/vendor/pear/pear-core-minimal/src/System.php:81: $escape = escapeshellarg($b);
archwiki/vendor/pear/mail/Mail/sendmail.php:172: $from = escapeshellarg($from); // Security bug #16200
archwiki/includes/libs/filebackend/FSFileBackend.php:825: $encSrc = escapeshellarg( $this->cleanPathSlashes( $fsSrcPath ) );
archwiki/includes/libs/filebackend/FSFileBackend.php:826: $encStage = escapeshellarg( $this->cleanPathSlashes( $fsStagePath ) );
archwiki/includes/libs/filebackend/FSFileBackend.php:827: $encDst = escapeshellarg( $this->cleanPathSlashes( $fsDstPath ) );
archwiki/includes/libs/filebackend/FSFileBackend.php:857: $encSrc = escapeshellarg( $this->cleanPathSlashes( $fsSrcPath ) );
archwiki/includes/libs/filebackend/FSFileBackend.php:858: $encDst = escapeshellarg( $this->cleanPathSlashes( $fsDstPath ) );
archwiki/includes/libs/filebackend/FSFileBackend.php:878: $encSrc = escapeshellarg( $this->cleanPathSlashes( $fsPath ) );

Address jelle's comments