Skip to content

Commit 5ee8dda

Browse files
authored
Merge pull request #469 from magento/MQE-1510
MQE-1510
2 parents 02902f9 + d21fa29 commit 5ee8dda

File tree

1 file changed

+20
-4
lines changed

1 file changed

+20
-4
lines changed

etc/config/command.php

Lines changed: 20 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -11,9 +11,9 @@
1111
$magentoObjectManager = $magentoObjectManagerFactory->create($_SERVER);
1212
$tokenModel = $magentoObjectManager->get(\Magento\Integration\Model\Oauth\Token::class);
1313

14-
$tokenPassedIn = urldecode($_POST['token']);
15-
$command = urldecode($_POST['command']);
16-
$arguments = urldecode($_POST['arguments']);
14+
$tokenPassedIn = urldecode($_POST['token'] ?? '');
15+
$command = urldecode($_POST['command'] ?? '');
16+
$arguments = urldecode($_POST['arguments'] ?? '');
1717

1818
// Token returned will be null if the token we passed in is invalid
1919
$tokenFromMagento = $tokenModel->loadByToken($tokenPassedIn)->getToken();
@@ -22,7 +22,8 @@
2222
$magentoBinary = $php . ' -f ../../../../bin/magento';
2323
$valid = validateCommand($magentoBinary, $command);
2424
if ($valid) {
25-
$process = new Symfony\Component\Process\Process($magentoBinary . " $command" . " $arguments");
25+
$fullCommand = escapeshellcmd($magentoBinary . " $command" . " $arguments");
26+
$process = new Symfony\Component\Process\Process($fullCommand);
2627
$process->setIdleTimeout(60);
2728
$process->setTimeout(0);
2829
$idleTimeout = false;
@@ -40,6 +41,11 @@
4041
$output = "CLI command timed out, no output available.";
4142
$idleTimeout = true;
4243
}
44+
45+
if (checkForFilePath($output)) {
46+
$output = "CLI output suppressed, filepath detected in output.";
47+
}
48+
4349
$exitCode = $process->getExitCode();
4450

4551
if ($exitCode == 0 || $idleTimeout) {
@@ -103,3 +109,13 @@ function trimAfterWhitespace($string)
103109
{
104110
return strtok($string, ' ');
105111
}
112+
113+
/**
114+
* Detects file path in string.
115+
* @param string $string
116+
* @return boolean
117+
*/
118+
function checkForFilePath($string)
119+
{
120+
return preg_match('/\/[\S]+\//', $string);
121+
}

0 commit comments

Comments
 (0)