r82592 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r82591‎ | r82592 | r82593 >
Date:07:13, 22 February 2011
Author:jnatividad
Status:deferred
Tags:
Comment:
Removed script mode; only prefab mode is now supported, for security reasons. Added escapeshellcmd to sanitize the ploticus command-line call.
Modified paths:
  • /trunk/extensions/SemanticResultFormats/Ploticus/SRF_Ploticus.php (modified) (history)


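--- a/trunk/extensions/SemanticResultFormats/Ploticus/SRF_Ploticus.php
+++ b/trunk/extensions/SemanticResultFormats/Ploticus/SRF_Ploticus.php
@@ -24,7 +24,6 @@
 protected $m_imageformat = 'gif';
 protected $m_titletext = '';
 protected $m_showcsv = false;
-protected $m_ploticusmode = 'prefab';
 protected $m_debug = false;
 protected $m_liveupdating = true;
 protected $m_updatefrequency = 3600; // by default, generate plot only once per hour
@@ -52,9 +51,6 @@
 $tmpcmp = strtolower( trim( $params['showcsv'] ) );
 $this->m_showcsv = $tmpcmp == 'false' || $tmpcmp == 'no' ? false : $tmpcmp;
 }
-if ( array_key_exists( 'ploticusmode', $this->m_params ) ) {
-$this->m_ploticusmode = strtolower( trim( $params['ploticusmode'] ) );
-}
 if ( array_key_exists( 'debug', $this->m_params ) ) {
 $tmpcmp = strtolower( trim( $params['debug'] ) );
 $this->m_debug = $tmpcmp == 'false' || $tmpcmp == 'no' ? false : $tmpcmp;
@@ -116,22 +112,12 @@
 if ( !file_exists( $srfgPloticusPath ) )
 return ( '<p classid=""srfperror">ERROR: Could not find ploticus in <em>' . $srfgPloticusPath . '</em></p>' );
 
-if ( $this->m_ploticusmode !== 'script' && $this->m_ploticusmode !== 'prefab' )
-return ( '<p classid="srfperror">ERROR: Unknown mode specified (' . $this->m_ploticusmode .
-'). Only "prefab" (default) and "script" mode supported.</p>' );
-
-// remove potentially dangerous keywords (prefab mode) or ploticus directives (script mode)
+// remove potentially dangerous keywords
 // this is an extended check, JUST IN CASE, even though we're invoking ploticus with the noshell security parameter
-if ( $this->m_ploticusmode === 'prefab' ) {
-// we also remove line endings for prefab - this is done for readability so the user can specify the prefab
-// params over several lines rather than one long command line
-$searches = array( '/`/m', '/system/im', '/shell/im', "/\s*?\n/m" );
-$replaces = array( '', '', '', ' ' );
-} else {
-$searches = array( '/`/m', '/#include/im', '/#shell/im', '/#sql/im', '/#write/im', '/#cat/im' );
-$replaces = array( '', '// ERROR: INCLUDE not allowed', '// ERROR: SHELL not allowed',
-'// ERROR: SQL not allowed', '// ERROR: WRITE not allowed', '// ERROR: CAT not allowed' );
-}
+// we also remove line endings - this is done for readability so the user can specify the prefab
+// params over several lines rather than one long command line
+$searches = array( '/`/m', '/system/im', '/shell/im', "/\s*?\n/m" );
+$replaces = array( '', '', '', ' ' );
 $sanitized_ploticusparams = preg_replace( $searches, $replaces, $this->m_ploticusparams );
 
 // Create the ploticus data directory if it doesn't exist
@@ -199,8 +185,6 @@
 $errorURL = $wgUploadPath . '/ploticus/' . $hashname . '.err';
 $mapFile = $ploticusDir . $hashname . '.map';
 $mapURL = $wgUploadPath . '/ploticus/' . $hashname . '.map';
-$scriptFile = $ploticusDir . $hashname . '.plo';
-$scriptURL = $wgUploadPath . '/ploticus/' . $hashname . '.plo';
 
 if ( ( $this->m_updatefrequency > 0 ) && file_exists( $graphFile ) ) {
 // get time graph was last generated. Also check to see if the
@@ -215,46 +199,28 @@
 // check if previous plot generated with the same params and result data is available
 // we know this from the md5 hash. This should eliminate
 // unneeded, CPU-intensive invocations of ploticus and minimize
-// the need to periodically clean-up graph, csv, script and map files
+// the need to periodically clean-up graph, csv, and map files
 $errorData = '';
 if ( $this->m_debug || !file_exists( $graphFile ) ) {
 
 // we set $srfgEnvSettings if specified
 $commandline = empty( $srfgEnvSettings ) ? ' ' : $srfgEnvSettings . ' ';
 
-if ( $this->m_ploticusmode === 'script' ) {
-// Script mode. Search for special keywords in ploticusparam
-// and replace it with actual values. (case-sensitive)
-// The special keywords currently are: %DATAFILE.CSV%, %WORKINGDIR%
-$replaces = array( '%DATAFILE.CSV%' => wfEscapeShellArg( $dataFile ),
-'%WORKINGDIR%' => $ploticusDir );
-$literal_ploticusparams = strtr( $sanitized_ploticusparams, $replaces );
-$fhandle = fopen( $scriptFile, 'w' );
-fputs( $fhandle, $literal_ploticusparams );
-fclose( $fhandle );
+
+// build the command line
+$commandline .= wfEscapeShellArg( $srfgPloticusPath ) .
+( $this->m_debug ? ' -debug':' ' ) .
+' -noshell ' . $sanitized_ploticusparams .
+( $this->mShowHeaders ? ' header=yes':' ' ) .
+' delim=comma data=' . wfEscapeShellArg( $dataFile ) .
+' -' . $this->m_imageformat;
 
-$commandline .= wfEscapeShellArg( $srfgPloticusPath ) .
-( $this->m_debug ? ' -debug':' ' ) .
-' -noshell -' . $this->m_imageformat .
-' -o ' . wfEscapeShellArg( $graphFile ) .
-' ' . $scriptFile;
+if ( $this->m_imageformat == 'drawdump' || $this->m_imageformat == 'drawdumpa' ) {
+$commandline .= ' ' . wfEscapeShellArg( $ploticusDir . '/' . $this->m_drawdumpoutput );
+} else {
+$commandline .= ' -o ' . wfEscapeShellArg( $graphFile );
+}
 
-} else {
-// prefab mode, build the command line accordingly
-$commandline .= wfEscapeShellArg( $srfgPloticusPath ) .
-( $this->m_debug ? ' -debug':' ' ) .
-' -noshell ' . $sanitized_ploticusparams .
-( $this->mShowHeaders ? ' header=yes':' ' ) .
-' delim=comma data=' . wfEscapeShellArg( $dataFile ) .
-' -' . $this->m_imageformat;
-
-if ( $this->m_imageformat == 'drawdump' || $this->m_imageformat == 'drawdumpa' ) {
-$commandline .= ' ' . wfEscapeShellArg( $ploticusDir . '/' . $this->m_drawdumpoutput );
-} else {
-$commandline .= ' -o ' . wfEscapeShellArg( $graphFile );
-}
-}
-
 // create the imagemap file if clickmap is specified for ploticus
 if ( strpos( $sanitized_ploticusparams, 'clickmap' ) ) {
 $commandline .= ' >' . wfEscapeShellArg( $mapFile );
@@ -263,6 +229,8 @@
 // send errors to this file
 $commandline .= ' 2>' . wfEscapeShellArg( $errorFile );
 
+// Sanitize commandline
+$commandline = escapeshellcmd( $commandline );
 // Execute ploticus.
 wfShellExec( $commandline );
 $errorData = file_get_contents( $errorFile );
@@ -271,9 +239,6 @@
 
 $graphLastGenerated = time(); // faster than doing filemtime
 
-if ( $this->m_ploticusmode == 'script' && !$this->m_debug ) {
-@unlink( $scriptFile );
-}
 }
 
 // Prepare output. Put everything inside a table
@@ -366,17 +331,11 @@
 $rtnstr .= '</td></tr>';
 
 // DEBUGROW - colspan 3, only display when debug is on
-// add link to script or display ploticus cmdline/script
+// Display ploticus cmdline
 if ( $this->m_debug ) {
-$rtnstr .= '<tr><td class="srfpdebug" align="center" colspan="3">DEBUG: ';
-if ( $this->m_ploticusmode == 'script' ) {
-$rtnstr .= '<a href="' . $scriptURL . '" target="_blank">SCRIPT</a> (<a href="' .
-$errorURL . '" target="_blank">Ploticus Trace</a>)</td></tr>';
-} else {
-$rtnstr .= 'PREFAB (<a href="' . $errorURL .
+$rtnstr .= '<tr><td class="srfpdebug" align="center" colspan="3">DEBUG: PREFAB (<a href=" ' . $errorURL .
 '" target="_blank">Ploticus Trace</a>)</td></tr><tr><td class="srfpdebug" colspan="3">' .
 $commandline . '</td></tr>';
-}
 }
 
 $rtnstr .= '</table>';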
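Review bot: Running escapeshellcmd() over the fully assembled command line (new line 234) also escapes the `>` and `2>` redirections the code itself appends at lines 227 and 231, so the shell hands ploticus literal `>` / `2>` arguments instead of redirecting, the error file is never written, and file_get_contents( $errorFile ) at line 237 fails; it also backslashes characters inside the arguments that wfEscapeShellArg() has already quoted. The part that is actually untrusted is $sanitized_ploticusparams, spliced in unquoted at line 214 after only a keyword blacklist (lines 120-121) that removes backticks, "system", "shell" and newlines, which on its own does not make the string shell-safe, so escape it per token at the point of use and drop the whole-line escapeshellcmd() rather than neutralising the redirections. The new debug row at line 337 also carries a stray space in `<a href=" '`, producing `href=" /…"`; it should read `<a href="' . $errorURL .`. The method these hunks sit in starts and ends outside the diff; the per-token split assumes prefab parameters are whitespace-separated name=value tokens, which the existing newline-to-space replacement already implies but should be confirmed.

```php
// … unchanged: $srfgEnvSettings prefix …
// Escape each user-supplied prefab parameter on its own; the ' >' and ' 2>'
// redirections appended below must stay unescaped, so do not run
// escapeshellcmd() over the assembled command line.
$escaped_params = implode( ' ', array_map( 'wfEscapeShellArg',
    preg_split( '/\s+/', trim( $sanitized_ploticusparams ), -1, PREG_SPLIT_NO_EMPTY ) ) );
$commandline .= wfEscapeShellArg( $srfgPloticusPath ) .
    ( $this->m_debug ? ' -debug':' ' ) .
    ' -noshell ' . $escaped_params .
// … unchanged: header=yes, delim=comma data=, image format, -o / drawdump output, clickmap and 2> redirections …
```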
