diff options
author | Glandos <bugs-github@antipoul.fr> | 2023-02-15 23:37:13 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-15 23:37:13 +0100 |
commit | 528e66859bdf912b422efaa5e0ba833eef939735 (patch) | |
tree | db31e206597c34109bf85e7d6ea40a189a1670f2 /lib/private | |
parent | b36a31c918ad997e6d227dc7923791c487e18e51 (diff) | |
download | nextcloud-server-528e66859bdf912b422efaa5e0ba833eef939735.tar.gz nextcloud-server-528e66859bdf912b422efaa5e0ba833eef939735.zip |
Use proc_open to avoid spawning a shell
The use of `exec` will spawn a shell, using `/bin/sh` on POSIX platforms. But in restricted environment, such as AppArmor, this means giving execution to `/bin/sh`, which renders the execution restriction quite useless.
Using an array with `proc_open` reduces this, and paved the way for file streaming instead of temporary file.
Signed-off-by: Glandos <bugs-github@antipoul.fr>
Diffstat (limited to 'lib/private')
-rw-r--r-- | lib/private/Preview/Movie.php | 27 |
1 files changed, 17 insertions, 10 deletions
diff --git a/lib/private/Preview/Movie.php b/lib/private/Preview/Movie.php index 486c301d987..5b188be68b7 100644 --- a/lib/private/Preview/Movie.php +++ b/lib/private/Preview/Movie.php @@ -125,23 +125,30 @@ class Movie extends ProviderV2 { $binaryType = substr(strrchr($this->binary, '/'), 1); if ($binaryType === 'avconv') { - $cmd = $this->binary . ' -y -ss ' . escapeshellarg((string)$second) . - ' -i ' . escapeshellarg($absPath) . - ' -an -f mjpeg -vframes 1 -vsync 1 ' . escapeshellarg($tmpPath) . - ' 2>&1'; + $cmd = [$this->binary, '-y', '-ss', (string)$second, + '-i', $absPath, + '-an', '-f', 'mjpeg', '-vframes', '1', '-vsync', '1', + $tmpPath]; } elseif ($binaryType === 'ffmpeg') { - $cmd = $this->binary . ' -y -ss ' . escapeshellarg((string)$second) . - ' -i ' . escapeshellarg($absPath) . - ' -f mjpeg -vframes 1' . - ' ' . escapeshellarg($tmpPath) . - ' 2>&1'; + $cmd = [$this->binary, '-y', '-ss', (string)$second, + '-i', $absPath, + '-f', 'mjpeg', '-vframes', '1', + $tmpPath]; } else { // Not supported unlink($tmpPath); return null; } - exec($cmd, $output, $returnCode); + $proc = proc_open($cmd, [1 => ['pipe', 'w'], 2 => ['pipe', 'w']], $pipes); + $returnCode = -1; + $output = ""; + if (is_resource($proc)) { + $stdout = trim(stream_get_contents($pipes[1])); + $stderr = trim(stream_get_contents($pipes[2])); + $returnCode = proc_close($proc); + $output = $stdout . $stderr; + } if ($returnCode === 0) { $image = new \OCP\Image(); |