rosell-dk / exec-with-fallback Goto Github PK

View Code? Open in Web Editor NEW

3.0 3.0 1.0 146 KB

exec() with fallback to emulations (proc_open, passthru, etc)

License: GNU General Public License v3.0

PHP 100.00%

exec-with-fallback's People

Contributors

Stargazers

Watchers

Forkers

liquidmarble

exec-with-fallback's Issues

nocs/notes.md missing

Hi @rosell-dk,

I am using the Wordpress webp-express plugin, which includes this repository.
Since version 0.25.1 the wp-cli file sum check is failing because of a missing file, which results in a failing automated deploy script.

$ which wp
/usr/local/bin/wp
$ wp plugin verify-checksums webp-express 
+--------------+---------------------------------------------------+-----------------+
| plugin_name  | file                                              | message         |
+--------------+---------------------------------------------------+-----------------+
| webp-express | vendor/rosell-dk/exec-with-fallback/docs/notes.md | File is missing |
+--------------+---------------------------------------------------+-----------------+
Error: No plugins verified (1 failed).

Could you add the missing file again or update the webp-express plugin accordingly, please?

Use pcntl_exec() ?

Should we use it?
https://www.php.net/manual/en/function.proc-open.php#102239
https://www.php.net/manual/en/function.pcntl-exec.php
https://www.php.net/manual/en/function.posix-mkfifo.php

exec() might throw fatal - we should throw an Exception rather than calling exec() when nothing is available

Check `ini_get('disable_functions')` too!

Should we heck ini_get('disable_functions') too?

I don't think it is needed.

However, some have been thinking that in the past.
My guess is that such issues only applies to old versions of PHP.
But I might be wrong?

https://stackoverflow.com/questions/3938120/check-if-exec-is-disabled
https://stackoverflow.com/questions/2749591/php-exec-check-if-enabled-or-disabled
https://www.py4u.net/discuss/26911

Some code in notes.md triggers Windows Defender

See rosell-dk/webp-convert#325

Create CI tests with disabled functions

They do it here:
https://github.com/phpstan/phpstan/actions/runs/843373676/workflow

PS: Now we are at it, take a look at this too:
https://github.com/nanasess/setup-php/blob/master/.github/workflows/workflow.yml

Try shell_exec too

Rename the library?

Naming ideas:

Simply what it does:

ExecWithFallback
ExecOrSimilar
TryHarderExec / ExecTryHarder

The rat finds its way… And dont give up easily. Tries different ways

ExecRat / RatExec

Eller navngiv efter Wolfe, “the fixer” i Pulp Fiction - a no nonense charactor who gets the job done (with style)

WolfeExec / ExecWolfe

Nationality:

GermanExec
DanishExec

Material:

RubberExec
RubberbandExec

Other ideas:
StrongExec, ResilientExec, EmulatedExec, GoalOrientedExec, ExecContractor, ExecDeLuxe, DropInExec, BetterExec, ExecMaster, ExecDragon, CuteExec, PersistantExec, ToughExec, ExecWithFallback, AdaptableExec, CompliantExec, ImprovedExec, ResoluteExec, StautExec, ObstinateExec, KeenExec, AgileExec, Smooth, Flexible, ExecAndFriends, SturdyExex, ResilientExec

Make it possible to disable globally with constant or environment variable

It is possible (but very rare!) to configure PHP such that exec() is disabled, but it is impossible to find out from inside PHP.
We have met a system that behaved like this:

function_exists('exec') returns true
ini_get('disable_functions') is blank
is_callable('exec') returns true
calling exec('echo hi') results in a FATAL error (Uncatchable. Yes, register_shutdown_function() could be used, but it is no help)

So, for these poorly setup systems, lets provide some escape hatches. To disable disable exec, one should be able to do one of the following:

Set the "EXEC_WITH_FALLBACK_DISABLE_ALL" environment variable to "1"
Define a constant, "EXEC_WITH_FALLBACK_DISABLE_ALL" , setting it to true (define('EXEC_WITH_FALLBACK_DISABLE_ALL', true);)

We add the following in the top of our exec function:

        if (defined('EXEC_WITH_FALLBACK_DISABLE_ALL') && EXEC_WITH_FALLBACK_DISABLE_EXEC) {
            throw new \Exception('exec() is is disabled with EXEC_WITH_FALLBACK_DISABLE_ALL constant');
        }
        if (getenv('EXEC_WITH_FALLBACK_DISABLE_ALL')) {
            throw new \Exception('exec() is is disabled with EXEC_WITH_FALLBACK_DISABLE_ALL environment variable');
        }

Add code coverage badge and upload report

Use the method I did with the image-mime-type-sniffer library

CI: Downgrade php unit when checking older PHP versions

https://phpunit.de/supported-versions.html

Ignore PHPstan warning about "&" in doc comment

I use "&" in the @param tag for values passed by reference.
PHPstan does not like it.

But there are projects that recommends documenting this way, even though it is not in the PSR-19 draft.
https://stackoverflow.com/questions/62934920/is-there-a-phpdoc-standard-to-describe-function-attributes-passed-by-reference

I want to use it, so I should add an exception for PHPstan

Exec() should be fixed, so it only passes two arguments to ShellExec::exec()
ShellExec() should not just return false if passed 3 arguments, it should throw.