|
11 | 11 | $magentoObjectManager = $magentoObjectManagerFactory->create($_SERVER);
|
12 | 12 | $tokenModel = $magentoObjectManager->get(\Magento\Integration\Model\Oauth\Token::class);
|
13 | 13 |
|
14 |
| - $tokenPassedIn = urldecode($_POST['token']); |
15 |
| - $command = urldecode($_POST['command']); |
16 |
| - $arguments = urldecode($_POST['arguments']); |
| 14 | + $tokenPassedIn = urldecode($_POST['token'] ?? ''); |
| 15 | + $command = urldecode($_POST['command'] ?? ''); |
| 16 | + $arguments = urldecode($_POST['arguments'] ?? ''); |
17 | 17 |
|
18 | 18 | // Token returned will be null if the token we passed in is invalid
|
19 | 19 | $tokenFromMagento = $tokenModel->loadByToken($tokenPassedIn)->getToken();
|
|
22 | 22 | $magentoBinary = $php . ' -f ../../../../bin/magento';
|
23 | 23 | $valid = validateCommand($magentoBinary, $command);
|
24 | 24 | if ($valid) {
|
25 |
| - $process = new Symfony\Component\Process\Process($magentoBinary . " $command" . " $arguments"); |
| 25 | + $fullCommand = escapeshellcmd($magentoBinary . " $command" . " $arguments"); |
| 26 | + $process = new Symfony\Component\Process\Process($fullCommand); |
26 | 27 | $process->setIdleTimeout(60);
|
27 | 28 | $process->setTimeout(0);
|
28 | 29 | $idleTimeout = false;
|
|
40 | 41 | $output = "CLI command timed out, no output available.";
|
41 | 42 | $idleTimeout = true;
|
42 | 43 | }
|
| 44 | + |
| 45 | + if (checkForFilePath($output)) { |
| 46 | + $output = "CLI output suppressed, filepath detected in output."; |
| 47 | + } |
| 48 | + |
43 | 49 | $exitCode = $process->getExitCode();
|
44 | 50 |
|
45 | 51 | if ($exitCode == 0 || $idleTimeout) {
|
@@ -103,3 +109,13 @@ function trimAfterWhitespace($string)
|
103 | 109 | {
|
104 | 110 | return strtok($string, ' ');
|
105 | 111 | }
|
| 112 | + |
| 113 | +/** |
| 114 | + * Detects file path in string. |
| 115 | + * @param string $string |
| 116 | + * @return boolean |
| 117 | + */ |
| 118 | +function checkForFilePath($string) |
| 119 | +{ |
| 120 | + return preg_match('/\/[\S]+\//', $string); |
| 121 | +} |
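Review bot: escapeshellcmd() over the whole concatenated string at new line 25 does not stop argument injection — it escapes shell metacharacters but leaves spaces intact, so `$arguments` (read straight from `$_POST` and, unlike `$command`, never passed through validateCommand) can still append arbitrary extra options to the validated bin/magento invocation. Passing the command as an array lets Symfony Process escape each argument on its own: `$process = new Symfony\Component\Process\Process(array_merge([$php, '-f', '../../../../bin/magento', $command], preg_split('/\s+/', trim($arguments), -1, PREG_SPLIT_NO_EMPTY)));`, and `$arguments` should additionally be checked against an allowlist of permitted characters before use (if arguments may legitimately contain quoted spaces, a proper tokenizer is needed instead of the split). Separately, checkForFilePath() at new lines 118-121 is documented as returning boolean but returns the int|false from preg_match(), and its pattern only matches paths with two slashes, so `/tmp` or a Windows-style path is not suppressed; `return preg_match('/\/[\S]+\//', $string) === 1;` at least makes the return type honest. The `if ($valid)` block that new lines 25-48 belong to begins and ends outside the visible hunks.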