Check required exec functions for disablement

PHP 8+ makes disabled functions act as if not defined at all. To account for this and the increased likelihood of hosts to disable functions associated with process execution, check for function existence before running mandatory calls to exec, shell_exec, or escapeshellarg. Other calls like those in the default ExternalImageMagick derivative creator can be avoided through configuration. (#1001)
omeka · Jun 26, 2024 · bb21e98 · bb21e98
1 parent 6506af1
commit bb21e98
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/application/libraries/Omeka/File/MimeType/Detect/Strategy/FileCommand.php b/application/libraries/Omeka/File/MimeType/Detect/Strategy/FileCommand.php
@@ -14,7 +14,11 @@ class Omeka_File_MimeType_Detect_Strategy_FileCommand implements Omeka_File_Mime
     public function detect($file)
     {
         $disabled = explode(', ', ini_get('disable_functions'));
-        if (in_array('shell_exec', $disabled)) {
+        if (!function_exists('escapeshellarg')
+            || !function_exists('shell_exec')
+            || in_array('escapeshellarg', $disabled)
+            || in_array('shell_exec', $disabled)
+        ) {
             // shell_exec is disabled.
             return false;
         }

diff --git a/application/models/File.php b/application/models/File.php
@@ -308,7 +308,9 @@ public function setDefaults($filepath, array $options = array())
     {
         $this->size = filesize($filepath);
         $this->authentication = md5_file($filepath);
-        $this->type_os = substr(trim(exec('file -b ' . trim(escapeshellarg($filepath)))), 0, 255);
+        if (function_exists('exec') && function_exists('escapeshellarg')) {
+            $this->type_os = substr(trim(exec('file -b ' . trim(escapeshellarg($filepath)))), 0, 255);
+        }
         $this->filename = basename($filepath);
         $this->metadata = '';
     }