lubosdz
Repos
21
Followers
8

Events

issue comment
\yii\db\BaseActiveRecord::getDirtyAttributes causes Fatal Error in 2.0.46

Perhaps related to #19546 ?

Created at 3 weeks ago
pull request opened
Support importing SQL file

This complements the dump functionality - allows importing exported SQL dumps.

Created at 3 weeks ago

Support importing SQL file

Created at 3 weeks ago
Created at 3 weeks ago
Created at 3 weeks ago
Update Command.php

Pls can be this released? It's been 3 months since the fix. The issue still appears after composer update & users report duplicity.

Created at 1 month ago
issue comment
PHP 8.1 Deprecated: trim(): Passing null to parameter #1 ($string) of type string is deprecated

Cannot find any error / warnings when executing test on PHP 8.1. Please dump stacktrace here or specify line with the issue. Thank you.

Created at 2 months ago
lubosdz create tag 1.0.3
Created at 2 months ago

added test for loading HTML via path alias

Created at 2 months ago
closed issue
Enable console commands also on hostings where exec() not allowed

What steps will reproduce the problem?

Executing console commands (CLI) throws error on hostings with limited shell script support. Typically some function like exec(), file_get_contents() etc. may be disabled by hosting administrators. In such a case an error e.g. Error: exec() has been disabled for security reasons. pops up and command cannot be executed (e.g. migration).

What is the expected result?

Execute console command, e.g. migration.

What do you get instead?

Error e.g. Error: exec() has been disabled for security reasons. .

Additional info

| Q | A | ---------------- | --- | Yii version | 2.0.45 | PHP version | any | Operating system | linux, windows

Reason & solution

The reason of this message is exec() method in /helpers/BaseConsole::getScreenSize(). Using supress operator @ allows further code execution.

Created at 2 months ago
issue comment
Enable console commands also on hostings where exec() not allowed

Solved by #19471

Created at 2 months ago

Detect properly disabled functions on PHP 7.X and 8.X

Created at 2 months ago
issue comment
Enable console commands also on hostings where exec() not allowed

I found that ini_get() was in the list of disabled functions.

I did not think of that. For PHP 8 would be possible check function_exists("exec"), but for PHP 7 either suggested solution by @WinterSilence which may not sometime work or error supressing operator @.

Created at 2 months ago
issue comment
Enable console commands also on hostings where exec() not allowed

@samdark OK, you are right. Then function names could be converted to lowercase?

if ($execDisabled === null) {
    $disabledFn = explode(',', ini_get('disable_functions'));
    $disabledFn = array_map('trim', $disabledFn);
    $disabledFn = array_map('strtolower', $disabledFn);
    $execDisabled = in_array('exec', $disabledFn);
    if ($execDisabled) {
        return $size = false;
    }
}

Not pretty though ... or just leave it as it is.

Created at 2 months ago
issue comment
Enable console commands also on hostings where exec() not allowed

@WinterSilence Yes. Meaning that code e.g. disable_functions = "system, EXEC" would fail to detect that exec() is disabled. I know it's rare case, just pointing out it still may happen. Most of hostings use properly formatted disable_functions = "system,exec" (no spacing, lowercased), so we can leave as it is if you think it's OK.

Created at 2 months ago
issue comment
Enable console commands also on hostings where exec() not allowed

I adjusted code exactly as suggested by @WinterSilence - but I have two things to point out:

  • if forbidden function are written with commas, it will not work e.g. disable_functions = "system, exec".
  • in_array(.. , true) uses strict mode which is wrong since PHP does not distinguish upper- lower- cased function names.

I would go with code:

if ($execDisabled === null) {
    $disabledFunctions = explode(',', ini_get('disable_functions'));
    $disabledFunctions = array_map('trim', $disabledFunctions);
    $execDisabled = in_array('exec', $disabledFunctions);
    if ($execDisabled) {
        return $size = false;
    }
}

Created at 2 months ago

Fix #19469: Fix a virtual relation not working because of new isset checks in \yii\db\ActiveRelationTrait

update wikipedia link (#19464)

update semver link (#19473)

PHP version update in documentation (#19474)

  • PHP version update in documentation

  • Remove latest php version in documentation

update daringfireball link (#19476)

Fix #19477: cast shell_exec() output to string

update sass,less,typescriptlang links (#19480)

Merge branch 'master' of https://github.com/yiisoft/yii2

#19471 detect exec() amongst forbidden function

Created at 2 months ago
issue comment
Enable console commands also on hostings where exec() not allowed

@WinterSilence Any solution which prevents from script crash is OK, please suggest better solution. Both system() and popen() are typically disabled too, so they are not safe alternatives.

IMO method getScreenSize which is causing this crash, has low relevancy - I mean to get console screen size should not prevent code from execution. If screen size is not determined, then console output is still displayed, no problem there. If no commands disabled, it works in original way.

However I found possible issue - supressing operator @ worked OK with PHP 7.4., but on PHP 8.0 seems crashing with error function does not exist. So I am suspicious that handling of forbidden functions changed somehow between 7.X and 8.X. I will try to test more extensively if I have time next week and I will also try to add test.

Created at 2 months ago
create tag
lubosdz create tag v1.2.1
Created at 2 months ago

readme

Created at 2 months ago

allow installation also for PHP 8

Created at 2 months ago
Created at 2 months ago
reopened issue
Enable console commands also on hostings where exec() not allowed

What steps will reproduce the problem?

Executing console commands (CLI) throws error on hostings with limited shell script support. Typically some function like exec(), file_get_contents() etc. may be disabled by hosting administrators. In such a case an error e.g. Error: exec() has been disabled for security reasons. pops up and command cannot be executed (e.g. migration).

What is the expected result?

Execute console command, e.g. migration.

What do you get instead?

Error e.g. Error: exec() has been disabled for security reasons. .

Additional info

| Q | A | ---------------- | --- | Yii version | 2.0.45 | PHP version | any | Operating system | linux, windows

Reason & solution

The reason of this message is exec() method in /helpers/BaseConsole::getScreenSize(). Using supress operator @ allows further code execution.

Created at 2 months ago
issue comment
Enable console commands also on hostings where exec() not allowed

Replaced with #19471

Created at 2 months ago
closed issue
Enable console commands also on hostings where exec() not allowed

What steps will reproduce the problem?

Executing console commands (CLI) throws error on hostings with limited shell script support. Typically some function like exec(), file_get_contents() etc. may be disabled by hosting administrators. In such a case an error e.g. Error: exec() has been disabled for security reasons. pops up and command cannot be executed (e.g. migration).

What is the expected result?

Execute console command, e.g. migration.

What do you get instead?

Error e.g. Error: exec() has been disabled for security reasons. .

Additional info

| Q | A | ---------------- | --- | Yii version | 2.0.45 | PHP version | any | Operating system | linux, windows

Reason & solution

The reason of this message is exec() method in /helpers/BaseConsole::getScreenSize(). Using supress operator @ allows further code execution.

Created at 2 months ago
pull request opened
Enable console commands also on hostings where exec() not allowed

What steps will reproduce the problem?

Executing console commands (CLI) throws error on hostings with limited shell script support. Typically some function like exec(), file_get_contents() etc. may be disabled by hosting administrators. In such a case an error e.g. Error: exec() has been disabled for security reasons. pops up and command cannot be executed (e.g. migration).

What is the expected result?

Execute console command, e.g. migration.

What do you get instead?

Error e.g. Error: exec() has been disabled for security reasons. .

Additional info

| Q | A | ---------------- | --- | Yii version | 2.0.45 | PHP version | any | Operating system | linux, windows

Reason & solution

The reason of this message is exec() method in /helpers/BaseConsole::getScreenSize(). Using supress operator @ allows further code execution.

Created at 2 months ago

Enable console commands also on hostings where exec() not allowed (#19470)

Created at 2 months ago
opened issue
Enable console commands also on hostings where exec() not allowed

What steps will reproduce the problem?

Executing console commands (CLI) throws error on hostings with limited shell script support. Typically some function like exec(), file_get_contents() etc. may be disabled by hosting administrators. In such a case an error e.g. Error: exec() has been disabled for security reasons. pops up and command cannot be executed (e.g. migration).

What is the expected result?

Execute console command, e.g. migration.

What do you get instead?

Error e.g. Error: exec() has been disabled for security reasons. .

Additional info

| Q | A | ---------------- | --- | Yii version | 2.0.45 | PHP version | any | Operating system | linux, windows

Reason & solution

The reason of this message is exec() method in /helpers/BaseConsole::getScreenSize(). Using supress operator @ allows further code execution.

Created at 2 months ago