// Hide compatibility functions from Doxygen
/// @cond
-
/**
* Compatibility functions
*
}
wfDebug( "wfShellExec: $cmd\n" );
+ // Don't try to execute commands that exceed Linux's MAX_ARG_STRLEN.
+ // Other platforms may be more accomodating, but we don't want to be
+ // accomodating, because very long commands probably include user
+ // input. See T129506.
+ if ( strlen( $cmd ) > SHELL_MAX_ARG_STRLEN ) {
+ throw new Exception( __METHOD__ .
+ '(): total length of $cmd must not exceed SHELL_MAX_ARG_STRLEN' );
+ }
+
$desc = [
0 => [ 'file', 'php://stdin', 'r' ],
1 => [ 'pipe', 'w' ],
$eintr = defined( 'SOCKET_EINTR' ) ? SOCKET_EINTR : 4;
$eintrMessage = "stream_select(): unable to select [$eintr]";
- // Build a table mapping resource IDs to pipe FDs to work around a
- // PHP 5.3 issue in which stream_select() does not preserve array keys
- // <https://bugs.php.net/bug.php?id=53427>.
- $fds = [];
- foreach ( $pipes as $fd => $pipe ) {
- $fds[(int)$pipe] = $fd;
- }
-
$running = true;
$timeout = null;
$numReadyPipes = 0;
break;
}
}
- foreach ( $readyPipes as $pipe ) {
+ foreach ( $readyPipes as $fd => $pipe ) {
$block = fread( $pipe, 65536 );
- $fd = $fds[(int)$pipe];
if ( $block === '' ) {
// End of file
fclose( $pipes[$fd] );