Open rungta opened 4 years ago
@rungta I think really what should happen is they should all be switched over to use the ::executeShellCommand()
which does exactly that:
protected function executeShellCommand(string $command): string
{
// Create the shell command
$shellCommand = new ShellCommand();
$shellCommand->setCommand($command);
// If we don't have proc_open, maybe we've got exec
if (!\function_exists('proc_open') && \function_exists('exec')) {
$shellCommand->useExec = true;
}
The good news is that there are only 3 places where exec()
is used directly, so this shouldn't be bad to do.
I take it back, it's not a simple swap-out because exec()
returns an array, and the shellCommand
returns a string.
Yeah, I assumed there must’ve been a good reason why it wasn’t already making use of executeShellCommand
. My experience with both these functions is fairly limited though, so not sure of the intricacies.
On 09-Nov-2019, at 19:57, Andrew Welch notifications@github.com wrote:
I take it back, it's not a simple swap-out because exec() returns an array, and the shellCommand returns a string.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.
Could the
exec
calls in the code base be switched toproc_open
for wider compatibility with systems whereexec
is disabled (and better security?)?