Section B.2. exec( )


As described in Chapter 6, executing shell commands is a very dangerous operation, and the use of tainted data in the construction of a shell command creates a command injection vulnerability.

Try to avoid shell command functions altogether, but when you must use one, build the command only from data that has been filtered and then escaped. The two escaping functions do different jobs: escapeshellarg() wraps a single value in single quotes so that the shell hands it to the program as exactly one argument, while escapeshellcmd() escapes the metacharacters of a whole command line but still lets the program receive whatever arguments appear in it. Neither is a substitute for filtering the command name against the short list of programs you actually intend to run:

     <?php

     $clean = array();
     $shell = array();

     /* Filter Input ($command, $argument) */

     /* Escape the program name and the argument separately */
     $shell['command'] = escapeshellcmd($clean['command']);
     $shell['argument'] = escapeshellarg($clean['argument']);

     /* $last is the final line of output, $output every line, $return the exit status */
     $last = exec("{$shell['command']} {$shell['argument']}", $output, $return);

     ?>
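The listing above leaves the filtering step as a comment. The following is an added example, not code from Essential PHP Security, that fills that step in and generalises the pattern to a command with several arguments. The allowlist, the filter rules, the helper names (filter_command(), filter_argument(), run_command()) and the sample inputs are assumptions made for the demonstration; the point it shows is that the command name is chosen from a fixed table rather than escaped, each argument is filtered before escapeshellarg() sees it, and an argument beginning with a dash is refused so the program cannot be handed an unexpected option.

```php
<?php
// Added example (not from Essential PHP Security): filter, then escape, then exec().
// ALLOWED_COMMANDS, the filter rules and the sample inputs are assumptions.

// Only the programs the application needs, keyed by a short name so the
// tainted request value is never used as a program path.
const ALLOWED_COMMANDS = [
    'wc'   => '/usr/bin/wc',
    'file' => '/usr/bin/file',
];

// Filter input: map a user-supplied name onto an allowlisted program path.
// Returns null rather than guessing when the name is not allowed.
function filter_command(string $tainted): ?string
{
    return ALLOWED_COMMANDS[$tainted] ?? null;
}

// Filter input: accept only a plain relative filename. The pattern rejects
// empty values, whitespace, shell metacharacters, path separators and a
// leading '-' (which the program would otherwise parse as an option).
function filter_argument(string $tainted): ?string
{
    if ($tainted === '' || strlen($tainted) > 255) {
        return null;
    }
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/', $tainted)) {
        return null;
    }
    return $tainted;
}

// Run an allowlisted command with filtered arguments. Every argument is
// wrapped by escapeshellarg() so the shell passes it through as one word;
// the program path comes from the allowlist, so escapeshellcmd() on it is
// defence in depth rather than the control that prevents injection.
function run_command(string $taintedCommand, array $taintedArguments): array
{
    $clean = [];
    $shell = [];

    $clean['command'] = filter_command($taintedCommand);
    if ($clean['command'] === null) {
        throw new InvalidArgumentException('command not allowed');
    }

    $clean['arguments'] = [];
    foreach ($taintedArguments as $arg) {
        $filtered = filter_argument((string) $arg);
        if ($filtered === null) {
            throw new InvalidArgumentException('argument rejected by filter');
        }
        $clean['arguments'][] = $filtered;
    }

    $shell['command']   = escapeshellcmd($clean['command']);
    $shell['arguments'] = array_map('escapeshellarg', $clean['arguments']);

    $output = [];
    $return = 1;
    $last = exec($shell['command'] . ' ' . implode(' ', $shell['arguments']), $output, $return);

    return ['last' => $last, 'output' => $output, 'status' => $return];
}

// Constructed sample inputs, as they might arrive in $_GET.
$attempts = [
    ['wc',   ['-l', 'notes.txt']],             // refused: argument starts with '-'
    ['wc',   ['notes.txt; cat /etc/passwd']],  // refused: metacharacters fail the filter
    ['sh',   ['-c', 'id']],                    // refused: command not on the allowlist
    ['file', ['notes.txt']],                   // accepted: runs /usr/bin/file 'notes.txt'
];

foreach ($attempts as [$cmd, $args]) {
    try {
        $result = run_command($cmd, $args);
        echo "ok (exit {$result['status']}): {$result['last']}\n";
    } catch (InvalidArgumentException $e) {
        echo "refused ({$e->getMessage()}): $cmd " . implode(' ', $args) . "\n";
    }
}
```

Where the application can require PHP 7.4 or later, proc_open() also accepts the command as an array of arguments and starts the program without going through a shell, which removes the need for shell escaping entirely; the filtering of the command name and arguments still applies, since the program itself will interpret whatever it receives.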




Essential PHP Security
ISBN: 059600656X
Year: 2005
Pages: 110
