Page MenuHomeMiraheze

Replace exec statements with Shell::command (MediaWiki's Shell Framework)
Closed, ResolvedPublic


Since MediaWiki 1.30 offers a framework for shelling out external commands:

CreateWiki uses various external commands inside SpecialCreateWiki, while not preferred its usage is inevitable (as we perform work on other wiki databases) and the Shell class makes it easier to adopt proper logging and security practices.

Every exec statement should be evaluated. If still deemed necessary, it should be replaced with Shell::command().

(hint: see / for interesting solutions to selectDB hacks and similar)