/** * Execute a shell command, with time and memory limits mirrored from the PHP * configuration if supported. * * @param string|string[] $cmd If string, a properly shell-escaped command line, * or an array of unescaped arguments, in which case each value will be escaped * Example: [ 'convert', '-font', 'font name' ] would produce "'convert' '-font' 'font name'" * @param null|mixed &$retval Optional, will receive the program's exit code. * (non-zero is usually failure). If there is an error from * read, select, or proc_open(), this will be set to -1. * @param array $environ Optional environment variables which should be * added to the executed command environment. * @param array $limits Optional array with limits(filesize, memory, time, walltime) * this overwrites the global wgMaxShell* limits. * @param array $options Array of options: * - duplicateStderr: Set this to true to duplicate stderr to stdout, * including errors from limit.sh * - profileMethod: By default this function will profile based on the calling * method. Set this to a string for an alternative method to profile from * * @return string Collected stdout as a string */ function wfShellExec($cmd, &$retval = null, $environ = array(), $limits = array(), $options = array()) { global $IP, $wgMaxShellMemory, $wgMaxShellFileSize, $wgMaxShellTime, $wgMaxShellWallClockTime, $wgShellCgroup; $disabled = wfShellExecDisabled(); if ($disabled) { $retval = 1; return $disabled == 'safemode' ? 'Unable to run external programs in safe mode.' : 'Unable to run external programs, proc_open() is disabled.'; } $includeStderr = isset($options['duplicateStderr']) && $options['duplicateStderr']; $profileMethod = isset($options['profileMethod']) ? $options['profileMethod'] : wfGetCaller(); wfInitShellLocale(); $envcmd = ''; foreach ($environ as $k => $v) { if (wfIsWindows()) { /* Surrounding a set in quotes (method used by wfEscapeShellArg) makes the quotes themselves * appear in the environment variable, so we must use carat escaping as documented in * http://technet.microsoft.com/en-us/library/cc723564.aspx * Note however that the quote isn't listed there, but is needed, and the parentheses * are listed there but doesn't appear to need it. */ $envcmd .= "set {$k}=" . preg_replace('/([&|()<>^"])/', '^\\1', $v) . '&& '; } else { /* Assume this is a POSIX shell, thus required to accept variable assignments before the command * http://www.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html#tag_02_09_01 */ $envcmd .= "{$k}=" . escapeshellarg($v) . ' '; } } if (is_array($cmd)) { $cmd = wfEscapeShellArg($cmd); } $cmd = $envcmd . $cmd; $useLogPipe = false; if (is_executable('/bin/bash')) { $time = intval(isset($limits['time']) ? $limits['time'] : $wgMaxShellTime); if (isset($limits['walltime'])) { $wallTime = intval($limits['walltime']); } elseif (isset($limits['time'])) { $wallTime = $time; } else { $wallTime = intval($wgMaxShellWallClockTime); } $mem = intval(isset($limits['memory']) ? $limits['memory'] : $wgMaxShellMemory); $filesize = intval(isset($limits['filesize']) ? $limits['filesize'] : $wgMaxShellFileSize); if ($time > 0 || $mem > 0 || $filesize > 0 || $wallTime > 0) { $cmd = '/bin/bash ' . escapeshellarg("{$IP}/includes/limit.sh") . ' ' . escapeshellarg($cmd) . ' ' . escapeshellarg("MW_INCLUDE_STDERR=" . ($includeStderr ? '1' : '') . ';' . "MW_CPU_LIMIT={$time}; " . 'MW_CGROUP=' . escapeshellarg($wgShellCgroup) . '; ' . "MW_MEM_LIMIT={$mem}; " . "MW_FILE_SIZE_LIMIT={$filesize}; " . "MW_WALL_CLOCK_LIMIT={$wallTime}; " . "MW_USE_LOG_PIPE=yes"); $useLogPipe = true; } elseif ($includeStderr) { $cmd .= ' 2>&1'; } } elseif ($includeStderr) { $cmd .= ' 2>&1'; } wfDebug("wfShellExec: {$cmd}\n"); $desc = array(0 => array('file', 'php://stdin', 'r'), 1 => array('pipe', 'w'), 2 => array('file', 'php://stderr', 'w')); if ($useLogPipe) { $desc[3] = array('pipe', 'w'); } $pipes = null; $scoped = Profiler::instance()->scopedProfileIn(__FUNCTION__ . '-' . $profileMethod); $proc = proc_open($cmd, $desc, $pipes); if (!$proc) { wfDebugLog('exec', "proc_open() failed: {$cmd}"); $retval = -1; return ''; } $outBuffer = $logBuffer = ''; $emptyArray = array(); $status = false; $logMsg = false; // According to the documentation, it is possible for stream_select() // to fail due to EINTR. I haven't managed to induce this in testing // despite sending various signals. If it did happen, the error // message would take the form: // // stream_select(): unable to select [4]: Interrupted system call (max_fd=5) // // where [4] is the value of the macro EINTR and "Interrupted system // call" is string which according to the Linux manual is "possibly" // localised according to LC_MESSAGES. $eintr = defined('SOCKET_EINTR') ? SOCKET_EINTR : 4; $eintrMessage = "stream_select(): unable to select [{$eintr}]"; // Build a table mapping resource IDs to pipe FDs to work around a // PHP 5.3 issue in which stream_select() does not preserve array keys // <https://bugs.php.net/bug.php?id=53427>. $fds = array(); foreach ($pipes as $fd => $pipe) { $fds[(int) $pipe] = $fd; } $running = true; $timeout = null; $numReadyPipes = 0; while ($running === true || $numReadyPipes !== 0) { if ($running) { $status = proc_get_status($proc); // If the process has terminated, switch to nonblocking selects // for getting any data still waiting to be read. if (!$status['running']) { $running = false; $timeout = 0; } } $readyPipes = $pipes; // Clear last error // @codingStandardsIgnoreStart Generic.PHP.NoSilencedErrors.Discouraged @trigger_error(''); $numReadyPipes = @stream_select($readyPipes, $emptyArray, $emptyArray, $timeout); if ($numReadyPipes === false) { // @codingStandardsIgnoreEnd $error = error_get_last(); if (strncmp($error['message'], $eintrMessage, strlen($eintrMessage)) == 0) { continue; } else { trigger_error($error['message'], E_USER_WARNING); $logMsg = $error['message']; break; } } foreach ($readyPipes as $pipe) { $block = fread($pipe, 65536); $fd = $fds[(int) $pipe]; if ($block === '') { // End of file fclose($pipes[$fd]); unset($pipes[$fd]); if (!$pipes) { break 2; } } elseif ($block === false) { // Read error $logMsg = "Error reading from pipe"; break 2; } elseif ($fd == 1) { // From stdout $outBuffer .= $block; } elseif ($fd == 3) { // From log FD $logBuffer .= $block; if (strpos($block, "\n") !== false) { $lines = explode("\n", $logBuffer); $logBuffer = array_pop($lines); foreach ($lines as $line) { wfDebugLog('exec', $line); } } } } } foreach ($pipes as $pipe) { fclose($pipe); } // Use the status previously collected if possible, since proc_get_status() // just calls waitpid() which will not return anything useful the second time. if ($running) { $status = proc_get_status($proc); } if ($logMsg !== false) { // Read/select error $retval = -1; proc_close($proc); } elseif ($status['signaled']) { $logMsg = "Exited with signal {$status['termsig']}"; $retval = 128 + $status['termsig']; proc_close($proc); } else { if ($status['running']) { $retval = proc_close($proc); } else { $retval = $status['exitcode']; proc_close($proc); } if ($retval == 127) { $logMsg = "Possibly missing executable file"; } elseif ($retval >= 129 && $retval <= 192) { $logMsg = "Probably exited with signal " . ($retval - 128); } } if ($logMsg !== false) { wfDebugLog('exec', "{$logMsg}: {$cmd}"); } return $outBuffer; }
/** * Execute a shell command, with time and memory limits mirrored from the PHP * configuration if supported. * @param string $cmd Command line, properly escaped for shell. * @param &$retval null|Mixed optional, will receive the program's exit code. * (non-zero is usually failure) * @param array $environ optional environment variables which should be * added to the executed command environment. * @param array $limits optional array with limits(filesize, memory, time, walltime) * this overwrites the global wgShellMax* limits. * @return string collected stdout as a string (trailing newlines stripped) */ function wfShellExec($cmd, &$retval = null, $environ = array(), $limits = array()) { global $IP, $wgMaxShellMemory, $wgMaxShellFileSize, $wgMaxShellTime, $wgMaxShellWallClockTime, $wgShellCgroup; $disabled = wfShellExecDisabled(); if ($disabled) { $retval = 1; return $disabled == 'safemode' ? 'Unable to run external programs in safe mode.' : 'Unable to run external programs, passthru() is disabled.'; } wfInitShellLocale(); $envcmd = ''; foreach ($environ as $k => $v) { if (wfIsWindows()) { /* Surrounding a set in quotes (method used by wfEscapeShellArg) makes the quotes themselves * appear in the environment variable, so we must use carat escaping as documented in * http://technet.microsoft.com/en-us/library/cc723564.aspx * Note however that the quote isn't listed there, but is needed, and the parentheses * are listed there but doesn't appear to need it. */ $envcmd .= "set {$k}=" . preg_replace('/([&|()<>^"])/', '^\\1', $v) . '&& '; } else { /* Assume this is a POSIX shell, thus required to accept variable assignments before the command * http://www.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html#tag_02_09_01 */ $envcmd .= "{$k}=" . escapeshellarg($v) . ' '; } } $cmd = $envcmd . $cmd; if (php_uname('s') == 'Linux') { $time = intval(isset($limits['time']) ? $limits['time'] : $wgMaxShellTime); if (isset($limits['walltime'])) { $wallTime = intval($limits['walltime']); } elseif (isset($limits['time'])) { $wallTime = $time; } else { $wallTime = intval($wgMaxShellWallClockTime); } $mem = intval(isset($limits['memory']) ? $limits['memory'] : $wgMaxShellMemory); $filesize = intval(isset($limits['filesize']) ? $limits['filesize'] : $wgMaxShellFileSize); if ($time > 0 || $mem > 0 || $filesize > 0 || $wallTime > 0) { $cmd = '/bin/bash ' . escapeshellarg("{$IP}/includes/limit.sh") . ' ' . escapeshellarg($cmd) . ' ' . escapeshellarg("MW_CPU_LIMIT={$time}; " . 'MW_CGROUP=' . escapeshellarg($wgShellCgroup) . '; ' . "MW_MEM_LIMIT={$mem}; " . "MW_FILE_SIZE_LIMIT={$filesize}; " . "MW_WALL_CLOCK_LIMIT={$wallTime}"); } } wfDebug("wfShellExec: {$cmd}\n"); $retval = 1; // error by default? ob_start(); passthru($cmd, $retval); $output = ob_get_contents(); ob_end_clean(); if ($retval == 127) { wfDebugLog('exec', "Possibly missing executable file: {$cmd}\n"); } return $output; }
/** * Execute a shell command, with time and memory limits mirrored from the PHP * configuration if supported. * @param $cmd String Command line, properly escaped for shell. * @param &$retval optional, will receive the program's exit code. * (non-zero is usually failure) * @param $environ Array optional environment variables which should be * added to the executed command environment. * @return collected stdout as a string (trailing newlines stripped) */ function wfShellExec($cmd, &$retval = null, $environ = array()) { global $IP, $wgMaxShellMemory, $wgMaxShellFileSize, $wgMaxShellTime; static $disabled; if (is_null($disabled)) { $disabled = false; if (wfIniGetBool('safe_mode')) { wfDebug("wfShellExec can't run in safe_mode, PHP's exec functions are too broken.\n"); $disabled = 'safemode'; } else { $functions = explode(',', ini_get('disable_functions')); $functions = array_map('trim', $functions); $functions = array_map('strtolower', $functions); if (in_array('passthru', $functions)) { wfDebug("passthru is in disabled_functions\n"); $disabled = 'passthru'; } } } if ($disabled) { $retval = 1; return $disabled == 'safemode' ? 'Unable to run external programs in safe mode.' : 'Unable to run external programs, passthru() is disabled.'; } wfInitShellLocale(); $envcmd = ''; foreach ($environ as $k => $v) { if (wfIsWindows()) { /* Surrounding a set in quotes (method used by wfEscapeShellArg) makes the quotes themselves * appear in the environment variable, so we must use carat escaping as documented in * http://technet.microsoft.com/en-us/library/cc723564.aspx * Note however that the quote isn't listed there, but is needed, and the parentheses * are listed there but doesn't appear to need it. */ $envcmd .= "set {$k}=" . preg_replace('/([&|()<>^"])/', '^\\1', $v) . '&& '; } else { /* Assume this is a POSIX shell, thus required to accept variable assignments before the command * http://www.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html#tag_02_09_01 */ $envcmd .= "{$k}=" . escapeshellarg($v) . ' '; } } $cmd = $envcmd . $cmd; if (wfIsWindows()) { if (version_compare(PHP_VERSION, '5.3.0', '<') && (version_compare(PHP_VERSION, '5.2.1', '>=') || php_uname('s') == 'Windows NT')) { # Hack to work around PHP's flawed invocation of cmd.exe # http://news.php.net/php.internals/21796 # Windows 9x doesn't accept any kind of quotes $cmd = '"' . $cmd . '"'; } } elseif (php_uname('s') == 'Linux') { $time = intval($wgMaxShellTime); $mem = intval($wgMaxShellMemory); $filesize = intval($wgMaxShellFileSize); if ($time > 0 && $mem > 0) { $script = "{$IP}/bin/ulimit4.sh"; if (is_executable($script)) { $cmd = '/bin/bash ' . escapeshellarg($script) . " {$time} {$mem} {$filesize} " . escapeshellarg($cmd); } } } wfDebug("wfShellExec: {$cmd}\n"); $retval = 1; // error by default? ob_start(); passthru($cmd, $retval); $output = ob_get_contents(); ob_end_clean(); if ($retval == 127) { wfDebugLog('exec', "Possibly missing executable file: {$cmd}\n"); } return $output; }
/** * Execute a shell command, with time and memory limits mirrored from the PHP * configuration if supported. * @param $cmd Command line, properly escaped for shell. * @param &$retval optional, will receive the program's exit code. * (non-zero is usually failure) * @return collected stdout as a string (trailing newlines stripped) */ function wfShellExec($cmd, &$retval = null) { global $IP, $wgMaxShellMemory, $wgMaxShellFileSize, $wgMaxShellTime; static $disabled; if (is_null($disabled)) { $disabled = false; if (wfIniGetBool('safe_mode')) { wfDebug("wfShellExec can't run in safe_mode, PHP's exec functions are too broken.\n"); $disabled = true; } $functions = explode(',', ini_get('disable_functions')); $functions = array_map('trim', $functions); $functions = array_map('strtolower', $functions); if (in_array('passthru', $functions)) { wfDebug("passthru is in disabled_functions\n"); $disabled = true; } } if ($disabled) { $retval = 1; return "Unable to run external programs in safe mode."; } wfInitShellLocale(); if (php_uname('s') == 'Linux') { $time = intval($wgMaxShellTime); $mem = intval($wgMaxShellMemory); $filesize = intval($wgMaxShellFileSize); if ($time > 0 && $mem > 0) { $script = "{$IP}/bin/ulimit4.sh"; if (is_executable($script)) { $cmd = escapeshellarg($script) . " {$time} {$mem} {$filesize} " . escapeshellarg($cmd); } } } elseif (php_uname('s') == 'Windows NT') { # This is a hack to work around PHP's flawed invocation of cmd.exe # http://news.php.net/php.internals/21796 $cmd = '"' . $cmd . '"'; } wfDebug("wfShellExec: {$cmd}\n"); $retval = 1; // error by default? ob_start(); passthru($cmd, $retval); $output = ob_get_contents(); ob_end_clean(); if ($retval == 127) { wfDebugLog('exec', "Possibly missing executable file: {$cmd}\n"); } return $output; }