Last modified: 2010-11-08 14:16:44 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 13353 - Diff3 version checks are too strict, doesn't detect working diff3
Diff3 version checks are too strict, doesn't detect working diff3
Product: MediaWiki
Classification: Unclassified
Installer (Other open bugs)
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
Depends on:
  Show dependency treegraph
Reported: 2008-03-14 03:27 UTC by Anders Häggström
Modified: 2010-11-08 14:16 UTC (History)
2 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Safemode-compatible function for shellcommand execution (30.41 KB, application/x-gzip)
2008-03-14 03:31 UTC, Anders Häggström

Description Anders Häggström 2008-03-14 03:27:26 UTC
My system as per 2008-03-13:

# uname -a
FreeBSD {censored} 6.2-RELEASE-p7 FreeBSD 6.2-RELEASE-p7 #0: Sun Sep 16 17:25:13 CEST 2007     {censored}:/usr/obj/usr/src/sys/INTERCORNER  i386

# php --version
PHP 5.2.5 with Suhosin-Patch (cli) (built: Jan 18 2008 03:00:34)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies

# where diff
# /usr/bin/diff --version
diff - GNU diffutils version 2.7

# where diff3
# /usr/bin/diff3 --version
diff3 - GNU diffutils version 2.7

Now onto the problem. In fact its more like a fiew related problems.
During the installation of MediaWiki 1.12.0rc1 I got the following message "GNU diff3 not found.". I know diff is installed on my system (as shown above) and I don't like errormessages, even small ones, so I investigated it further.
At first I thought the root to this problem/error/bug was that I'm using Safemode, but it is not. So I made a workaround/fix for it.

First part of the problem:
In the file ./config/index.php on line 501 the script is searching for "diff3 (GNU diffutils)" in the output from "% diff3 --version" and according to my output above that does not match and that is part of why MediaWiki do not find the diff-util on my installation.

Second part of the problem:
I am running PHP in safemode and therefore the function shell_exec() is not allowed (back-quotes is an alias of this function) which generates some PHP-warnings instead of doing what it is should to do.

Third part of the problem:
MediaWiki are searching for the diff-util using static paths and not using the $PATH-variable during installation. This is no problem for me but it might be for someone else.
I do not understand the search for "diff3.exe" with hardcoded paths in unix-style format. But I'm no big fan of windoze and it was alot of years ago I programmed for it so I might be missing something.

My modifications and my function is included in this bugreport and here is a description of what and how I modify:
1) ./includes/ShellExec.php -- This file is my function to fetch output from shell applications and is working with safemode enabled (if safemode is properly configured ofcource).
2) ./config/index.php -- I added a require_once() for my function and modified locate_executable() to fetch both the old version-output-format and my different one.
3) ./maintenance/ -- I added a require_once() for my function and modified quickDiff() to use my function instead of back-quotes to execute.

I haven't found any where else the diff-util is used. You probably have better knowloedge of the codebase than me. If you find this modification useful let me know. I will be glad if anyone can test my code and verify it is working or correct me if I am wrong about anything.

Happy coding!
Anders, Sweden
Comment 1 Anders Häggström 2008-03-14 03:31:29 UTC
Created attachment 4713 [details]
Safemode-compatible function for shellcommand execution
Comment 2 Brion Vibber 2008-03-14 17:21:42 UTC
Shell execution is crippled in safe mode because PHP corrupts properly-escaped parameters.
Comment 3 Niklas Laxström 2008-10-06 08:14:44 UTC
What's the status? Fix or wontfix?
Comment 4 Chad H. 2010-05-20 22:55:47 UTC
A bit of both (two issues are identified here).

The main issue is exec() and friends in safe mode. As pointed out in comment #2, it's patently broken in these setups. If there are enhancements we can make to help safe mode users that don't create issues for the rest of us then they should be incorporated into wfShellExec() rather than unconditionally failing like we currently do. However, that's outside the scope of this bug (on a tangent, anything not using wfShellExec() should be) and is a WONTFIX as far as I'm concerned.

The second issue here is that when we're looking for diff3, we're expecting some rather specific output from --version (which is still true with the new installer merged to trunk). The original report obviously has a working diff3, we just don't allow it because its version output isn't matching. This should certainly be fixed and I'm repurposing the bug to concentrate on that.
Comment 5 Chad H. 2010-11-08 14:16:44 UTC
Fixed the diff3 issue in r76302.

Note You need to log in before you can comment on or make changes to this bug.