phase a audit

2026-02-22 18:41:08 +01:00
parent 3b2e1bc772
commit 606cbdcb2e
5 changed files with 39 additions and 14 deletions
--- a/src/Controller/Admin/DocumentController.php
+++ b/src/Controller/Admin/DocumentController.php
@@ -410,7 +410,17 @@ class DocumentController extends AbstractController

    private function canExec(): bool
    {
-        return function_exists('exec');
+        if (!function_exists('exec')) {
+            return false;
+        }
+
+        $disabled = (string) ini_get('disable_functions');
+        if ($disabled === '') {
+            return true;
+        }
+
+        $list = array_map('trim', explode(',', $disabled));
+        return !in_array('exec', $list, true);
    }

    private function ensureDir(string $dir): void
@@ -429,14 +439,22 @@ class DocumentController extends AbstractController
        $projectDir = (string)$this->getParameter('kernel.project_dir');
        $console = $projectDir . '/bin/console';

-        // WICHTIG: --no-interaction ist ein GLOBAL-Flag und muss VOR dem Command stehen!
+        $logDir = $projectDir . '/var/log/ingest';
+        if (!is_dir($logDir)) {
+            @mkdir($logDir, 0777, true);
+        }
+        $logFile = $logDir . '/job_' . $jobId . '.log';
+
+        // Wichtig: CLI-PHP verwenden, nicht PHP_BINARY aus FPM
+        $php = 'php';
+
        $cmd = sprintf(
-            '%s %s %s %s %s > /dev/null 2>&1 &',
-            escapeshellarg(PHP_BINARY),
+            '%s %s --no-interaction %s %s >> %s 2>&1 &',
+            escapeshellcmd($php),
            escapeshellarg($console),
-            '--no-interaction',
            escapeshellarg('mto:agent:ingest:run'),
            escapeshellarg($jobId),
+            escapeshellarg($logFile),
        );

        exec($cmd);
--- a/src/Controller/Admin/IngestJobController.php
+++ b/src/Controller/Admin/IngestJobController.php
@@ -96,20 +96,23 @@ class IngestJobController extends AbstractController
        $projectDir = (string)$this->getParameter('kernel.project_dir');
        $console = $projectDir . '/bin/console';

+        $logDir = $projectDir . '/var/log/ingest';
+        if (!is_dir($logDir)) {
+            @mkdir($logDir, 0777, true);
+        }
+        $logFile = $logDir . '/job_' . (string)$job->getId() . '.log';
+
+        $php = 'php';
+
        $cmd = sprintf(
-            '%s %s %s %s > /dev/null 2>&1 &',
+            '%s %s --no-interaction %s %s >> %s 2>&1 &',
+            escapeshellcmd($php),
            escapeshellarg($console),
            escapeshellarg('mto:agent:ingest:run'),
            escapeshellarg((string)$job->getId()),
-            escapeshellarg('--no-interaction'),
+            escapeshellarg($logFile),
        );

-        if (!function_exists('exec')) {
-            $jobService->markFailed($job, 'Server configuration does not allow background execution (exec disabled).');
-            $this->addFlash('danger', 'Global Reindex konnte nicht gestartet werden.');
-            return $this->redirectToRoute('admin_jobs');
-        }
-
        exec($cmd);

        // ---------------------------------------------------------