Skip to content

fix: handle disabled shell_exec#598

Merged
kesselb merged 1 commit intomasterfrom
bug/534/handle-deactivated-shell-exec
May 6, 2024
Merged

fix: handle disabled shell_exec#598
kesselb merged 1 commit intomasterfrom
bug/534/handle-deactivated-shell-exec

Conversation

@kesselb
Copy link
Collaborator

@kesselb kesselb commented May 6, 2024

Fix #534

@kesselb
fix: handle disabled shell_exec
3136e57 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
@kesselb kesselb self-assigned this May 6, 2024
@kesselb kesselb added this to the Nextcloud 30 milestone May 6, 2024
@kesselb
Copy link
Collaborator Author

kesselb commented May 6, 2024

/backport to stable29

@kesselb
Copy link
Collaborator Author

kesselb commented May 6, 2024

/backport to stable28

@kesselb kesselb requested review from Altahrim and come-nc May 6, 2024 10:17
joshtrichards
joshtrichards reviewed May 6, 2024
View reviewed changes
lib/OperatingSystems/Linux.php
'gateway' => '',
];

if (function_exists('shell_exec')) {
Copy link
Member

@joshtrichards joshtrichards May 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess the reason we can't use executeCommand() here is because of the inherent use of escapeshellcmd(). Maybe we add an optional parameter to `executeCommand() that specifies whether to escape or not (that defaults true). We could then use consistently (elsewhere too I think) w/o boilerplate.

Copy link
Collaborator Author

@kesselb kesselb May 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, escapeshellcmd does not allow a | b because it escapes the pipe.

I'm not a fan of those piped commands here in serverinfo because of the bad readability. Parsing the command output with PHP is easier to read and test.

I went for the function_exists approach to easily backport it without changing to much.

I have a few ideas in mind for follow-ups

  • Move executeCommand to a trait
  • Drop dns (because that's much more complicated today than reading /etc/resolv.conf)

@kesselb kesselb merged commit a10071d into master May 6, 2024
@delete-merged-branch delete-merged-branch bot deleted the bug/534/handle-deactivated-shell-exec branch May 6, 2024 13:12
This was referenced May 6, 2024
Merged
Merged
@blizzz blizzz mentioned this pull request Jul 24, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joshtrichards joshtrichards joshtrichards left review comments

@come-nc come-nc come-nc approved these changes

@Altahrim Altahrim Awaiting requested review from Altahrim

Assignees

@kesselb kesselb

Labels

3. to review bug

Projects

None yet

Milestone

Nextcloud 30

Development

Successfully merging this pull request may close these issues.

Internal server error: OCA\ServerInfo\OperatingSystems\shell_exec()

3 participants

@kesselb @joshtrichards @come-nc