Skip to content

Document executeAllowedCommands in app.example and upgrading guide#486

Merged
dereuromark merged 1 commit intomasterfrom
execute-allowlist-docs
May 2, 2026
Merged

Document executeAllowedCommands in app.example and upgrading guide#486
dereuromark merged 1 commit intomasterfrom
execute-allowlist-docs

Conversation

@dereuromark
Copy link
Copy Markdown
Owner

@dereuromark dereuromark commented May 2, 2026

Summary

Follow-up to #485. The merged change introduced Queue.executeAllowedCommands and a behavior change for callers that previously embedded multiple tokens in a single params entry, but neither showed up in the two places users look first.

  • config/app.example.php is the canonical inventory of every Queue.* knob (every other option is listed there with a one-line comment). The new allow-list key is now there too, with a short note that production rejects every Execute job when the list is empty/unset.
  • docs/sections/upgrading.md now has an ExecuteTask security hardening subsection that flags both the param-splitting BC break and the production allow-list requirement, so anyone upgrading from a release prior to Harden ExecuteTask with per-arg escapeshellarg and allow-list #485 sees it before things mysteriously start failing.

No code or logic changes; PHP lint clean on app.example.php.

@dereuromark
Document Queue.executeAllowedCommands and ExecuteTask BC change
5b20825 
Add the new allow-list config option to config/app.example.php (the
canonical inventory of Queue.* knobs) so users wiring up the plugin
discover that production needs it.

Add an upgrading-doc subsection covering both the per-token
escapeshellarg switch (callers with multi-token single-param entries
must split them) and the production allow-list requirement.
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented May 2, 2026
edited
Loading

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.54%. Comparing base (6443a03) to head (5b20825).
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files 
@@            Coverage Diff            @@
##             master     #486   +/-   ##
=========================================
  Coverage     77.54%   77.54%           
  Complexity      966      966           
=========================================
  Files            45       45           
  Lines          3238     3238           
=========================================
  Hits           2511     2511           
  Misses          727      727

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@dereuromark dereuromark merged commit 22cbe5b into master May 2, 2026
16 checks passed
@dereuromark dereuromark deleted the execute-allowlist-docs branch May 2, 2026 14:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dereuromark @codecov-commenter