Page MenuHomeMiraheze

Replace exec statements with Shell::command (MediaWiki's Shell Framework)
Closed, ResolvedPublic

Description

Since MediaWiki 1.30 offers a framework for shelling out external commands: https://www.mediawiki.org/wiki/Manual:Shell_framework

CreateWiki uses various external commands inside SpecialCreateWiki, while not preferred its usage is inevitable (as we perform work on other wiki databases) and the Shell class makes it easier to adopt proper logging and security practices.

Every exec statement should be evaluated. If still deemed necessary, it should be replaced with Shell::command().

(hint: see https://github.com/wikimedia/mediawiki-extensions-WikimediaMaintenance/commit/c0569fb89a449d86c5ad5aad5a178ac109de96df#diff-c2cbc3a14b46d0c8e0ee62091f5b07b8R96 / https://phabricator.wikimedia.org/T209483 for interesting solutions to selectDB hacks and similar)