Filter potentially problematic $_ENV variables

epriestley · epriestley · commit 52b9e5ec1423 · 2015-04-27T05:21:15.000-07:00
Summary: Caught this in the production error logs. We can end up with `argv` defined and set to an array in an nginx + php-fpm configuration. When we later run `ExecFuture` subprocesses, they won't be able to forward the value. The error this produces looks like this: ``` 015/04/27 12:17:35 [error] 10948#0: *674 FastCGI sent in stderr: "PHP message: [2015-04-27 12:17:35] ERROR 8: Array to string conversion at [/core/lib/libphutil/src/future/exec/ExecFuture.php:667] PHP message: arcanist(head=master, ref.master=805ae12408e8), phabricator(head=master, ref.master=8ce8a761efe9), phutil(head=master, ref.master=fccf03d48e08) PHP message: #0 ExecFuture::isReady() called at [<phutil>/src/future/Future.php:39] PHP message: #1 Future::resolve(NULL) called at [<phutil>/src/future/exec/ExecFuture.php:413] PHP message: #2 ExecFuture::resolvex() called at [<phabricator>/src/applications/diffusion/query/rawdiff/DiffusionGitRawDiffQuery.php:40] PHP message: #3 DiffusionGitRawDiffQuery::executeQuery() called at [<phabricator>/src/applications/diffusion/query/rawdiff/DiffusionRawDiffQuery.php:17] PHP message: phacility#4 DiffusionRawDiffQuery::loadRawDiff() called at [<phabricator>/src/applications/diffusion/conduit/DiffusionRawDiffQueryConduitAPIMethod.php:56] PHP message: phacility#5 DiffusionRawDiffQueryConduitAPIMethod::getResult(ConduitAPIRequest) called at [<phabricator>/src/applications/diffusion/conduit/DiffusionQueryConduitAPIMethod.php:135] PHP message: phacility#6 DiffusionQueryConduitAPIMethod::execute(ConduitAPIRequest) called at [<phabricator>/src/applications/conduit/method/ConduitAPIMethod.php:90] PHP message: phacility#7 ConduitAPIMethod::executeMethod(ConduitAPIRequest) called at [<phabricator>/src/applications/conduit/call/ConduitCall.php:134] PHP message: phacility#8 ConduitCall::executeMethod() called at [<phabricator>/src/applications/conduit/call/ConduitCall.php:84] PHP message: #9 ConduitCall::execute() called at [<phabricator>/src/applications/diffusion/query/DiffusionQuery.php:81] PHP message: phacility#10 DiffusionQuery::callConduitWithDiffusionRequest(PhabricatorUser, DiffusionGitRequest, string, array) called at [<phabricator>/src/applications/diffusion/controller/DiffusionController.php:184] PHP message: phacility#11 DiffusionController::callConduitWithDiffusionRequest(string, array) called at [<phabricat ``` Test Plan: I'm just going to push this to make sure it fixes things, since I can't repro it locally. Reviewers: btrahan Subscribers: epriestley Differential Revision: https://secure.phabricator.com/D12571
diff --git a/support/PhabricatorStartup.php b/support/PhabricatorStartup.php
@@ -425,7 +425,8 @@ private static function normalizeInput() {
           $_POST = array_merge($_POST, $filtered);
           break;
         case INPUT_ENV;
-          $_ENV = array_merge($_ENV, $filtered);
+          $env = array_merge($_ENV, $filtered);
+          $_ENV = self::filterEnvSuperglobal($env);
           break;
       }
     }
@@ -458,6 +459,30 @@ private static function normalizeInput() {
     }
   }
 
+
+  /**
+   * Adjust `$_ENV` before execution.
+   *
+   * Adjustments here primarily impact the environment as seen by subprocesses.
+   * The environment is forwarded explicitly by @{class:ExecFuture}.
+   *
+   * @param map<string, wild> Input `$_ENV`.
+   * @return map<string, string> Suitable `$_ENV`.
+   * @task validation
+   */
+  private static function filterEnvSuperglobal(array $env) {
+
+    // In some configurations, we may get "argc" and "argv" set in $_ENV.
+    // These are not real environmental variables, and "argv" may have an array
+    // value which can not be forwarded to subprocesses. Remove these from the
+    // environment if they are present.
+    unset($env['argc']);
+    unset($env['argv']);
+
+    return $env;
+  }
+
+
   /**
    * @task validation
    */
