From 528e66859bdf912b422efaa5e0ba833eef939735 Mon Sep 17 00:00:00 2001
From: Glandos
Date: Wed, 15 Feb 2023 23:37:13 +0100
Subject: [PATCH 1/3] Use proc_open to avoid spawning a shell
The use of `exec` will spawn a shell, using `/bin/sh` on POSIX platforms. But in restricted environment, such as AppArmor, this means giving execution to `/bin/sh`, which renders the execution restriction quite useless. Using an array with `proc_open` reduces this, and paved the way for file streaming instead of temporary file.
Signed-off-by: Glandos
---
 lib/private/Preview/Movie.php | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/lib/private/Preview/Movie.php b/lib/private/Preview/Movie.php
index 486c301d987..5b188be68b7 100644
--- a/lib/private/Preview/Movie.php
+++ b/lib/private/Preview/Movie.php
@@ -125,23 +125,30 @@ class Movie extends ProviderV2 {
 $binaryType = substr(strrchr($this->binary, '/'), 1);
 if ($binaryType === 'avconv') {
- $cmd = $this->binary . ' -y -ss ' . escapeshellarg((string)$second) .
- ' -i ' . escapeshellarg($absPath) .
- ' -an -f mjpeg -vframes 1 -vsync 1 ' . escapeshellarg($tmpPath) .
- ' 2>&1';
+ $cmd = [$this->binary, '-y', '-ss', (string)$second,
+ '-i', $absPath,
+ '-an', '-f', 'mjpeg', '-vframes', '1', '-vsync', '1',
+ $tmpPath];
 } elseif ($binaryType === 'ffmpeg') {
- $cmd = $this->binary . ' -y -ss ' . escapeshellarg((string)$second) .
- ' -i ' . escapeshellarg($absPath) .
- ' -f mjpeg -vframes 1' .
- ' ' . escapeshellarg($tmpPath) .
- ' 2>&1';
+ $cmd = [$this->binary, '-y', '-ss', (string)$second,
+ '-i', $absPath,
+ '-f', 'mjpeg', '-vframes', '1',
+ $tmpPath];
 } else {
 // Not supported
 unlink($tmpPath);
 return null;
 }
- exec($cmd, $output, $returnCode);
+ $proc = proc_open($cmd, [1 => ['pipe', 'w'], 2 => ['pipe', 'w']], $pipes);
+ $returnCode = -1;
+ $output = "";
+ if (is_resource($proc)) {
+ $stdout = trim(stream_get_contents($pipes[1]));
+ $stderr = trim(stream_get_contents($pipes[2]));
+ $returnCode = proc_close($proc);
+ $output = $stdout . $stderr;
+ }
 if ($returnCode === 0) {
 $image = new \OCP\Image();
From 59e7ed1fad8ce97c0216524b182a4a98d814be20 Mon Sep 17 00:00:00 2001
From: Glandos
Date: Wed, 15 Feb 2023 23:40:16 +0100
Subject: [PATCH 2/3] fix indent
Signed-off-by: Glandos
---
 lib/private/Preview/Movie.php | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/lib/private/Preview/Movie.php b/lib/private/Preview/Movie.php
index 5b188be68b7..b5842d11dd5 100644
--- a/lib/private/Preview/Movie.php
+++ b/lib/private/Preview/Movie.php
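Review bot: In PATCH 1/3 the new `proc_open` block reads `$pipes[1]` to EOF before it touches `$pipes[2]`, so a child that fills the stderr pipe buffer while stdout is still open blocks on its write, and the PHP worker blocks with it. ffmpeg/avconv log to stderr and the input here is presumably a user-supplied media file, so a file that provokes a lot of decoder warnings could stall preview generation; the removed `2>&1` gave `exec` a single stream and did not have this ordering problem. Because the array form of `proc_open` already requires PHP 7.4, stderr can be merged at the descriptor level instead: `$proc = proc_open($cmd, [1 => ['pipe', 'w'], 2 => ['redirect', 1]], $pipes);`, then read only `$pipes[1]` and call `fclose($pipes[1]);` before `proc_close($proc)`. The enclosing method starts and ends outside the hunk, so how `$output` is used afterwards (an array under `exec`, a string now) is not visible here and is worth checking.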
@@ -125,15 +125,15 @@ class Movie extends ProviderV2 {
 $binaryType = substr(strrchr($this->binary, '/'), 1);
 if ($binaryType === 'avconv') {
- $cmd = [$this->binary, '-y', '-ss', (string)$second,
- '-i', $absPath,
- '-an', '-f', 'mjpeg', '-vframes', '1', '-vsync', '1',
- $tmpPath];
+ $cmd = [$this->binary, '-y', '-ss', (string)$second,
+ '-i', $absPath,
+ '-an', '-f', 'mjpeg', '-vframes', '1', '-vsync', '1',
+ $tmpPath];
 } elseif ($binaryType === 'ffmpeg') {
- $cmd = [$this->binary, '-y', '-ss', (string)$second,
- '-i', $absPath,
- '-f', 'mjpeg', '-vframes', '1',
- $tmpPath];
+ $cmd = [$this->binary, '-y', '-ss', (string)$second,
+ '-i', $absPath,
+ '-f', 'mjpeg', '-vframes', '1',
+ $tmpPath];
 } else {
 // Not supported
 unlink($tmpPath);
From 3bea7af7b7842af207ec973e83b5d87079c617af Mon Sep 17 00:00:00 2001
From: Glandos
Date: Thu, 16 Feb 2023 10:10:12 +0100
Subject: [PATCH 3/3] fix indent 2
Signed-off-by: Glandos
---
 lib/private/Preview/Movie.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/lib/private/Preview/Movie.php b/lib/private/Preview/Movie.php
index b5842d11dd5..13d868cd583 100644
--- a/lib/private/Preview/Movie.php
+++ b/lib/private/Preview/Movie.php
@@ -126,9 +126,9 @@ class Movie extends ProviderV2 {
 if ($binaryType === 'avconv') {
 $cmd = [$this->binary, '-y', '-ss', (string)$second,
- '-i', $absPath,
- '-an', '-f', 'mjpeg', '-vframes', '1', '-vsync', '1',
- $tmpPath];
+ '-i', $absPath,
+ '-an', '-f', 'mjpeg', '-vframes', '1', '-vsync', '1',
+ $tmpPath];
 } elseif ($binaryType === 'ffmpeg') {
 $cmd = [$this->binary, '-y', '-ss', (string)$second,
 '-i', $absPath,
@@ -144,10 +144,10 @@ class Movie extends ProviderV2 {
 $returnCode = -1;
 $output = "";
 if (is_resource($proc)) {
- $stdout = trim(stream_get_contents($pipes[1]));
- $stderr = trim(stream_get_contents($pipes[2]));
- $returnCode = proc_close($proc);
- $output = $stdout . $stderr;
+ $stdout = trim(stream_get_contents($pipes[1]));
+ $stderr = trim(stream_get_contents($pipes[2]));
+ $returnCode = proc_close($proc);
+ $output = $stdout . $stderr;
 }
 if ($returnCode === 0) {