/**
* Execute a shell command, with time and memory limits mirrored from the PHP
* configuration if supported.
*
* @param string|string[] $cmd If string, a properly shell-escaped command line,
* or an array of unescaped arguments, in which case each value will be escaped
* Example: [ 'convert', '-font', 'font name' ] would produce "'convert' '-font' 'font name'"
* @param null|mixed &$retval Optional, will receive the program's exit code.
* (non-zero is usually failure). If there is an error from
* read, select, or proc_open(), this will be set to -1.
* @param array $environ Optional environment variables which should be
* added to the executed command environment.
* @param array $limits Optional array with limits(filesize, memory, time, walltime)
* this overwrites the global wgMaxShell* limits.
* @param array $options Array of options:
* - duplicateStderr: Set this to true to duplicate stderr to stdout,
* including errors from limit.sh
* - profileMethod: By default this function will profile based on the calling
* method. Set this to a string for an alternative method to profile from
*
* @return string Collected stdout as a string
*/
function wfShellExec($cmd, &$retval = null, $environ = array(), $limits = array(), $options = array())
{
global $IP, $wgMaxShellMemory, $wgMaxShellFileSize, $wgMaxShellTime, $wgMaxShellWallClockTime, $wgShellCgroup;
$disabled = wfShellExecDisabled();
if ($disabled) {
$retval = 1;
return $disabled == 'safemode' ? 'Unable to run external programs in safe mode.' : 'Unable to run external programs, proc_open() is disabled.';
}
$includeStderr = isset($options['duplicateStderr']) && $options['duplicateStderr'];
$profileMethod = isset($options['profileMethod']) ? $options['profileMethod'] : wfGetCaller();
wfInitShellLocale();
$envcmd = '';
foreach ($environ as $k => $v) {
if (wfIsWindows()) {
/* Surrounding a set in quotes (method used by wfEscapeShellArg) makes the quotes themselves
* appear in the environment variable, so we must use carat escaping as documented in
* http://technet.microsoft.com/en-us/library/cc723564.aspx
* Note however that the quote isn't listed there, but is needed, and the parentheses
* are listed there but doesn't appear to need it.
*/
$envcmd .= "set {$k}=" . preg_replace('/([&|()<>^"])/', '^\\1', $v) . '&& ';
} else {
/* Assume this is a POSIX shell, thus required to accept variable assignments before the command
* http://www.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html#tag_02_09_01
*/
$envcmd .= "{$k}=" . escapeshellarg($v) . ' ';
}
}
if (is_array($cmd)) {
$cmd = wfEscapeShellArg($cmd);
}
$cmd = $envcmd . $cmd;
$useLogPipe = false;
if (is_executable('/bin/bash')) {
$time = intval(isset($limits['time']) ? $limits['time'] : $wgMaxShellTime);
if (isset($limits['walltime'])) {
$wallTime = intval($limits['walltime']);
} elseif (isset($limits['time'])) {
$wallTime = $time;
} else {
$wallTime = intval($wgMaxShellWallClockTime);
}
$mem = intval(isset($limits['memory']) ? $limits['memory'] : $wgMaxShellMemory);
$filesize = intval(isset($limits['filesize']) ? $limits['filesize'] : $wgMaxShellFileSize);
if ($time > 0 || $mem > 0 || $filesize > 0 || $wallTime > 0) {
$cmd = '/bin/bash ' . escapeshellarg("{$IP}/includes/limit.sh") . ' ' . escapeshellarg($cmd) . ' ' . escapeshellarg("MW_INCLUDE_STDERR=" . ($includeStderr ? '1' : '') . ';' . "MW_CPU_LIMIT={$time}; " . 'MW_CGROUP=' . escapeshellarg($wgShellCgroup) . '; ' . "MW_MEM_LIMIT={$mem}; " . "MW_FILE_SIZE_LIMIT={$filesize}; " . "MW_WALL_CLOCK_LIMIT={$wallTime}; " . "MW_USE_LOG_PIPE=yes");
$useLogPipe = true;
} elseif ($includeStderr) {
$cmd .= ' 2>&1';
}
} elseif ($includeStderr) {
$cmd .= ' 2>&1';
}
wfDebug("wfShellExec: {$cmd}\n");
$desc = array(0 => array('file', 'php://stdin', 'r'), 1 => array('pipe', 'w'), 2 => array('file', 'php://stderr', 'w'));
if ($useLogPipe) {
$desc[3] = array('pipe', 'w');
}
$pipes = null;
$scoped = Profiler::instance()->scopedProfileIn(__FUNCTION__ . '-' . $profileMethod);
$proc = proc_open($cmd, $desc, $pipes);
if (!$proc) {
wfDebugLog('exec', "proc_open() failed: {$cmd}");
$retval = -1;
return '';
}
$outBuffer = $logBuffer = '';
$emptyArray = array();
$status = false;
$logMsg = false;
// According to the documentation, it is possible for stream_select()
// to fail due to EINTR. I haven't managed to induce this in testing
// despite sending various signals. If it did happen, the error
// message would take the form:
//
// stream_select(): unable to select [4]: Interrupted system call (max_fd=5)
//
// where [4] is the value of the macro EINTR and "Interrupted system
// call" is string which according to the Linux manual is "possibly"
// localised according to LC_MESSAGES.
$eintr = defined('SOCKET_EINTR') ? SOCKET_EINTR : 4;
$eintrMessage = "stream_select(): unable to select [{$eintr}]";
// Build a table mapping resource IDs to pipe FDs to work around a
// PHP 5.3 issue in which stream_select() does not preserve array keys
// <https://bugs.php.net/bug.php?id=53427>.
$fds = array();
foreach ($pipes as $fd => $pipe) {
$fds[(int) $pipe] = $fd;
}
$running = true;
$timeout = null;
$numReadyPipes = 0;
while ($running === true || $numReadyPipes !== 0) {
if ($running) {
$status = proc_get_status($proc);
// If the process has terminated, switch to nonblocking selects
// for getting any data still waiting to be read.
if (!$status['running']) {
$running = false;
$timeout = 0;
}
}
$readyPipes = $pipes;
// Clear last error
// @codingStandardsIgnoreStart Generic.PHP.NoSilencedErrors.Discouraged
@trigger_error('');
$numReadyPipes = @stream_select($readyPipes, $emptyArray, $emptyArray, $timeout);
if ($numReadyPipes === false) {
// @codingStandardsIgnoreEnd
$error = error_get_last();
if (strncmp($error['message'], $eintrMessage, strlen($eintrMessage)) == 0) {
continue;
} else {
trigger_error($error['message'], E_USER_WARNING);
$logMsg = $error['message'];
break;
}
}
foreach ($readyPipes as $pipe) {
$block = fread($pipe, 65536);
$fd = $fds[(int) $pipe];
if ($block === '') {
// End of file
fclose($pipes[$fd]);
unset($pipes[$fd]);
if (!$pipes) {
break 2;
}
} elseif ($block === false) {
// Read error
$logMsg = "Error reading from pipe";
break 2;
} elseif ($fd == 1) {
// From stdout
$outBuffer .= $block;
} elseif ($fd == 3) {
// From log FD
$logBuffer .= $block;
if (strpos($block, "\n") !== false) {
$lines = explode("\n", $logBuffer);
$logBuffer = array_pop($lines);
foreach ($lines as $line) {
wfDebugLog('exec', $line);
}
}
}
}
}
foreach ($pipes as $pipe) {
fclose($pipe);
}
// Use the status previously collected if possible, since proc_get_status()
// just calls waitpid() which will not return anything useful the second time.
if ($running) {
$status = proc_get_status($proc);
}
if ($logMsg !== false) {
// Read/select error
$retval = -1;
proc_close($proc);
} elseif ($status['signaled']) {
$logMsg = "Exited with signal {$status['termsig']}";
$retval = 128 + $status['termsig'];
proc_close($proc);
} else {
if ($status['running']) {
$retval = proc_close($proc);
} else {
$retval = $status['exitcode'];
proc_close($proc);
}
if ($retval == 127) {
$logMsg = "Possibly missing executable file";
} elseif ($retval >= 129 && $retval <= 192) {
$logMsg = "Probably exited with signal " . ($retval - 128);
}
}
if ($logMsg !== false) {
wfDebugLog('exec', "{$logMsg}: {$cmd}");
}
return $outBuffer;
}
/**
* Execute a shell command, with time and memory limits mirrored from the PHP
* configuration if supported.
* @param string $cmd Command line, properly escaped for shell.
* @param &$retval null|Mixed optional, will receive the program's exit code.
* (non-zero is usually failure)
* @param array $environ optional environment variables which should be
* added to the executed command environment.
* @param array $limits optional array with limits(filesize, memory, time, walltime)
* this overwrites the global wgShellMax* limits.
* @return string collected stdout as a string (trailing newlines stripped)
*/
function wfShellExec($cmd, &$retval = null, $environ = array(), $limits = array())
{
global $IP, $wgMaxShellMemory, $wgMaxShellFileSize, $wgMaxShellTime, $wgMaxShellWallClockTime, $wgShellCgroup;
$disabled = wfShellExecDisabled();
if ($disabled) {
$retval = 1;
return $disabled == 'safemode' ? 'Unable to run external programs in safe mode.' : 'Unable to run external programs, passthru() is disabled.';
}
wfInitShellLocale();
$envcmd = '';
foreach ($environ as $k => $v) {
if (wfIsWindows()) {
/* Surrounding a set in quotes (method used by wfEscapeShellArg) makes the quotes themselves
* appear in the environment variable, so we must use carat escaping as documented in
* http://technet.microsoft.com/en-us/library/cc723564.aspx
* Note however that the quote isn't listed there, but is needed, and the parentheses
* are listed there but doesn't appear to need it.
*/
$envcmd .= "set {$k}=" . preg_replace('/([&|()<>^"])/', '^\\1', $v) . '&& ';
} else {
/* Assume this is a POSIX shell, thus required to accept variable assignments before the command
* http://www.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html#tag_02_09_01
*/
$envcmd .= "{$k}=" . escapeshellarg($v) . ' ';
}
}
$cmd = $envcmd . $cmd;
if (php_uname('s') == 'Linux') {
$time = intval(isset($limits['time']) ? $limits['time'] : $wgMaxShellTime);
if (isset($limits['walltime'])) {
$wallTime = intval($limits['walltime']);
} elseif (isset($limits['time'])) {
$wallTime = $time;
} else {
$wallTime = intval($wgMaxShellWallClockTime);
}
$mem = intval(isset($limits['memory']) ? $limits['memory'] : $wgMaxShellMemory);
$filesize = intval(isset($limits['filesize']) ? $limits['filesize'] : $wgMaxShellFileSize);
if ($time > 0 || $mem > 0 || $filesize > 0 || $wallTime > 0) {
$cmd = '/bin/bash ' . escapeshellarg("{$IP}/includes/limit.sh") . ' ' . escapeshellarg($cmd) . ' ' . escapeshellarg("MW_CPU_LIMIT={$time}; " . 'MW_CGROUP=' . escapeshellarg($wgShellCgroup) . '; ' . "MW_MEM_LIMIT={$mem}; " . "MW_FILE_SIZE_LIMIT={$filesize}; " . "MW_WALL_CLOCK_LIMIT={$wallTime}");
}
}
wfDebug("wfShellExec: {$cmd}\n");
$retval = 1;
// error by default?
ob_start();
passthru($cmd, $retval);
$output = ob_get_contents();
ob_end_clean();
if ($retval == 127) {
wfDebugLog('exec', "Possibly missing executable file: {$cmd}\n");
}
return $output;
}
/**
* Execute a shell command, with time and memory limits mirrored from the PHP
* configuration if supported.
* @param $cmd String Command line, properly escaped for shell.
* @param &$retval optional, will receive the program's exit code.
* (non-zero is usually failure)
* @param $environ Array optional environment variables which should be
* added to the executed command environment.
* @return collected stdout as a string (trailing newlines stripped)
*/
function wfShellExec($cmd, &$retval = null, $environ = array())
{
global $IP, $wgMaxShellMemory, $wgMaxShellFileSize, $wgMaxShellTime;
static $disabled;
if (is_null($disabled)) {
$disabled = false;
if (wfIniGetBool('safe_mode')) {
wfDebug("wfShellExec can't run in safe_mode, PHP's exec functions are too broken.\n");
$disabled = 'safemode';
} else {
$functions = explode(',', ini_get('disable_functions'));
$functions = array_map('trim', $functions);
$functions = array_map('strtolower', $functions);
if (in_array('passthru', $functions)) {
wfDebug("passthru is in disabled_functions\n");
$disabled = 'passthru';
}
}
}
if ($disabled) {
$retval = 1;
return $disabled == 'safemode' ? 'Unable to run external programs in safe mode.' : 'Unable to run external programs, passthru() is disabled.';
}
wfInitShellLocale();
$envcmd = '';
foreach ($environ as $k => $v) {
if (wfIsWindows()) {
/* Surrounding a set in quotes (method used by wfEscapeShellArg) makes the quotes themselves
* appear in the environment variable, so we must use carat escaping as documented in
* http://technet.microsoft.com/en-us/library/cc723564.aspx
* Note however that the quote isn't listed there, but is needed, and the parentheses
* are listed there but doesn't appear to need it.
*/
$envcmd .= "set {$k}=" . preg_replace('/([&|()<>^"])/', '^\\1', $v) . '&& ';
} else {
/* Assume this is a POSIX shell, thus required to accept variable assignments before the command
* http://www.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html#tag_02_09_01
*/
$envcmd .= "{$k}=" . escapeshellarg($v) . ' ';
}
}
$cmd = $envcmd . $cmd;
if (wfIsWindows()) {
if (version_compare(PHP_VERSION, '5.3.0', '<') && (version_compare(PHP_VERSION, '5.2.1', '>=') || php_uname('s') == 'Windows NT')) {
# Hack to work around PHP's flawed invocation of cmd.exe
# http://news.php.net/php.internals/21796
# Windows 9x doesn't accept any kind of quotes
$cmd = '"' . $cmd . '"';
}
} elseif (php_uname('s') == 'Linux') {
$time = intval($wgMaxShellTime);
$mem = intval($wgMaxShellMemory);
$filesize = intval($wgMaxShellFileSize);
if ($time > 0 && $mem > 0) {
$script = "{$IP}/bin/ulimit4.sh";
if (is_executable($script)) {
$cmd = '/bin/bash ' . escapeshellarg($script) . " {$time} {$mem} {$filesize} " . escapeshellarg($cmd);
}
}
}
wfDebug("wfShellExec: {$cmd}\n");
$retval = 1;
// error by default?
ob_start();
passthru($cmd, $retval);
$output = ob_get_contents();
ob_end_clean();
if ($retval == 127) {
wfDebugLog('exec', "Possibly missing executable file: {$cmd}\n");
}
return $output;
}
/**
* Execute a shell command, with time and memory limits mirrored from the PHP
* configuration if supported.
* @param $cmd Command line, properly escaped for shell.
* @param &$retval optional, will receive the program's exit code.
* (non-zero is usually failure)
* @return collected stdout as a string (trailing newlines stripped)
*/
function wfShellExec($cmd, &$retval = null)
{
global $IP, $wgMaxShellMemory, $wgMaxShellFileSize, $wgMaxShellTime;
static $disabled;
if (is_null($disabled)) {
$disabled = false;
if (wfIniGetBool('safe_mode')) {
wfDebug("wfShellExec can't run in safe_mode, PHP's exec functions are too broken.\n");
$disabled = true;
}
$functions = explode(',', ini_get('disable_functions'));
$functions = array_map('trim', $functions);
$functions = array_map('strtolower', $functions);
if (in_array('passthru', $functions)) {
wfDebug("passthru is in disabled_functions\n");
$disabled = true;
}
}
if ($disabled) {
$retval = 1;
return "Unable to run external programs in safe mode.";
}
wfInitShellLocale();
if (php_uname('s') == 'Linux') {
$time = intval($wgMaxShellTime);
$mem = intval($wgMaxShellMemory);
$filesize = intval($wgMaxShellFileSize);
if ($time > 0 && $mem > 0) {
$script = "{$IP}/bin/ulimit4.sh";
if (is_executable($script)) {
$cmd = escapeshellarg($script) . " {$time} {$mem} {$filesize} " . escapeshellarg($cmd);
}
}
} elseif (php_uname('s') == 'Windows NT') {
# This is a hack to work around PHP's flawed invocation of cmd.exe
# http://news.php.net/php.internals/21796
$cmd = '"' . $cmd . '"';
}
wfDebug("wfShellExec: {$cmd}\n");
$retval = 1;
// error by default?
ob_start();
passthru($cmd, $retval);
$output = ob_get_contents();
ob_end_clean();
if ($retval == 127) {
wfDebugLog('exec', "Possibly missing executable file: {$cmd}\n");
}
return $output;
}
