- πΈπ°Slovakia poker10
Thanks for working on this. The same code is still in D11 (see here: https://git.drupalcode.org/project/drupal/-/blob/11.x/core/modules/syste...), so according to the backport policy, I am changing the version.
- πΊπΈUnited States TolstoyDotCom L.A.
It'd be a good idea to replace this, but now there's an SSH class that has things like
ssh2_exec($this->connection, 'rm -Rf ' . escapeshellarg($directory)). There's no check if $directory is '/', '/bin', 'bin', '/home/*', etc. That code is in theremoveDirectoryJailedmethod so presumably it's only allowed to operate within a specific directory.Also, the vendor directory for D11 dev is chock full of calls to
exec()andshell_exec(). Symfony even includes an.exefile. - First commit to issue fork.
- πΊπΈUnited States dww
More specific title.
FYI: this whole test is going to be removed in D12 since itβs testing deprecated code. See π Deprecate/remove the ability to update a module from a URL and authorize.php Active
That said, +1 to cleaning this up, if only since the work is already done. π
Automatically closed - issue fixed for 2 weeks with no activity.