    Harden php configurations · 6a888886
    Amin Vakil authored
    Remove symlink from disable_functions
    
    archwiki/includes/media/SvgHandler.php:281:             $ok = symlink( $srcPath, $lnPath );
    
    Remove shell_exec from disable_functions
    
    archwiki/vendor/wikimedia/shellbox/src/Command/UnboxedExecutor.php:173:  * short of shell_exec('env'), but it's usually near-empty anyway. We add
    archwiki/maintenance/updateCredits.php:62:$lines = explode( "\n", shell_exec( 'git log --format="%aN"' ) );
    archwiki/maintenance/mwdocgen.php:139:          $this->doDot = shell_exec( 'which dot' );
    archwiki/extensions/Scribunto/includes/engines/LuaStandalone/LuaStandaloneEngine.php:85:                        self::$clockTick = intval( shell_exec( 'getconf CLK_TCK' ) );
    
    Remove popen from disable_functions
    
    flyspray/plugins/dokuwiki/inc/io.php:516:  $fh = popen($cmd, "r");
    archwiki/vendor/wikimedia/parsoid/bin/parse.php:409:                            $pipe = popen( "$fgPath > $fgOutDir/profile.svg", "w" );
    archwiki/vendor/pear/pear-core-minimal/src/OS/Guess.php:254:            $cpp = popen("/usr/bin/cpp $tmpfile", "r");
    archwiki/maintenance/populateImageSha1.php:117:                 $pipe = popen( $cmd, 'w' );
    archwiki/maintenance/includes/SevenZipStream.php:68:            $this->stream = popen( $command, $mode[0] );
    archwiki/includes/libs/filebackend/FSFileBackend.php:781:                       $pipes[$index] = popen( $fileOpHandle->cmd, 'r' );
    archwiki/includes/GlobalFunctions.php:2202:     $handle = popen( $cmd, 'r' );
    archwiki/includes/GlobalFunctions.php:2219:     $handle = popen( $cmd, 'r' );
    archwiki/includes/GlobalFunctions.php:2284:     $h = popen( $cmd, 'r' );
    archwiki/includes/GlobalFunctions.php:2288:             throw new Exception( __FUNCTION__ . '(): popen() failed' );
    archwiki/extensions/Scribunto/includes/engines/LuaStandalone/LuaStandaloneInterpreter.php:196:          $handle = popen( $cmd, 'r' );
    
    Remove pclose from disable_functions
    
    flyspray/plugins/dokuwiki/inc/io.php:522:  pclose($fh);
    archwiki/vendor/pear/pear-core-minimal/src/OS/Guess.php:264:            pclose($cpp);
    archwiki/vendor/pear/mail/Mail/sendmail.php:184:        $result = pclose($mail);
    
    Remove proc_open from disable_functions
    
    aurweb/web/lib/pkgbasefuncs.inc.php:101:        $p = proc_open($cmd, $descspec, $pipes);
    aurweb/web/lib/acctfuncs.inc.php:1334:  $p = proc_open($cmd, $descspec, $pipes);
    archwiki/vendor/wikimedia/shellbox/src/Command/UnboxedExecutor.php:223:         $proc = proc_open( $cmd, $desc, $pipes,
    archwiki/vendor/wikimedia/parsoid/tools/regression-testing.php:86:              $process = proc_open(
    archwiki/vendor/monolog/monolog/src/Monolog/Handler/ProcessHandler.php:118:        $this->process = proc_open($this->command, static::DESCRIPTOR_SPEC, $this->pipes, $this->cwd);
    archwiki/tests/parser/editTests.php:293:                $proc = proc_open( '/usr/bin/dwdiff -Pc --diff-input',
    archwiki/maintenance/storage/recompressTracked.php:253:                 $proc = proc_open( "$cmd --child-id $i", $spec, $pipes );
    archwiki/maintenance/mysql.php:169:             $proc = proc_open( Shell::escape( $args ), $desc, $pipes );
    archwiki/maintenance/includes/TextPassDumper.php:793:           $this->spawnProc = proc_open( $cmd, $spec, $pipes );
    archwiki/includes/resourceloader/ResourceLoaderImage.php:429:                   $process = proc_open(
    archwiki/includes/export/DumpPipeOutput.php:74:         $this->procOpenResource = proc_open( $command, $spec, $pipes );
    archwiki/includes/exception/ShellDisabledError.php:35:          parent::__construct( 'Unable to run external programs, proc_open() is disabled' );
    archwiki/includes/GlobalFunctions.php:2076:             return 'Unable to run external programs, proc_open() is disabled.';
    archwiki/extensions/Scribunto/includes/engines/LuaStandalone/LuaStandaloneInterpreter.php:147:          $this->proc = proc_open(
    
    Remove proc_get_status from disable_functions
    
    archwiki/vendor/wikimedia/shellbox/src/Command/UnboxedExecutor.php:270:                         $status = proc_get_status( $proc );
    archwiki/vendor/wikimedia/shellbox/src/Command/UnboxedExecutor.php:358:                 $status = proc_get_status( $proc );
    archwiki/extensions/Scribunto/includes/engines/LuaStandalone/LuaStandaloneInterpreter.php:626:                  $status = proc_get_status( $this->proc );
    
    Remove escapeshellarg from disable_functions
    
    flyspray/includes/class.flyspray.php:1477:               $type = @exec(sprintf('file -bi %s', escapeshellarg($fname)));
    aurweb/web/lib/acctfuncs.inc.php:1247:  $cmd = "/usr/bin/ssh-keygen -l -f " . escapeshellarg($tmpfile);
    aurweb/web/lib/acctfuncs.inc.php:1326:          $cmd .= ' ' . escapeshellarg($param);
    archwiki/vendor/wikimedia/shellbox/src/Shellbox.php:148:                                $retVal .= escapeshellarg( $arg );
    archwiki/vendor/wikimedia/shellbox/src/Command/BashWrapper.php:32:                      $cmd = '/bin/bash ' . escapeshellarg( __DIR__ . '/limit.sh' ) . ' ' .
    archwiki/vendor/wikimedia/shellbox/src/Command/BashWrapper.php:37:                                      'SB_CGROUP=' . escapeshellarg( $this->cgroup ) . '; ' .
    archwiki/vendor/pear/pear-core-minimal/src/System.php:81:                $escape = escapeshellarg($b);
    archwiki/vendor/pear/mail/Mail/sendmail.php:172:        $from = escapeshellarg($from); // Security bug #16200
    archwiki/includes/libs/filebackend/FSFileBackend.php:825:               $encSrc = escapeshellarg( $this->cleanPathSlashes( $fsSrcPath ) );
    archwiki/includes/libs/filebackend/FSFileBackend.php:826:               $encStage = escapeshellarg( $this->cleanPathSlashes( $fsStagePath ) );
    archwiki/includes/libs/filebackend/FSFileBackend.php:827:               $encDst = escapeshellarg( $this->cleanPathSlashes( $fsDstPath ) );
    archwiki/includes/libs/filebackend/FSFileBackend.php:857:               $encSrc = escapeshellarg( $this->cleanPathSlashes( $fsSrcPath ) );
    archwiki/includes/libs/filebackend/FSFileBackend.php:858:               $encDst = escapeshellarg( $this->cleanPathSlashes( $fsDstPath ) );
    archwiki/includes/libs/filebackend/FSFileBackend.php:878:               $encSrc = escapeshellarg( $this->cleanPathSlashes( $fsPath ) );
    
    Address jelle's comments