dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
shell: Optionally restrict commands' access with firejail
[lhc/web/wiklou.git] / includes / GitInfo.php
diff --git a/includes/GitInfo.php b/includes/GitInfo.php
index 8095fd7..f170a02 100644 (file)
--- a/includes/GitInfo.php
+++ b/includes/GitInfo.php
@@ -232,6 +232,8 @@ class GitInfo {
                                ];
                                $result = Shell::command( $cmd )
                                        ->environment( [ 'GIT_DIR' => $this->basedir ] )
+                                       ->restrict( Shell::RESTRICT_DEFAULT | Shell::NO_NETWORK )
+                                       ->whitelistPaths( [ $this->basedir ] )
                                        ->execute();
 
                                if ( $result->getExitCode() === 0 ) {
Wiklou, le Wiki du Wiklou