12.7 Shell Commands

Previous page
Table of content
Next page

Be very wary of using the exec( ) , system( ), passthru( ), and popen( ) functions and the backtick (``) operator in your code. The shell is a problem because it recognizes special characters (e.g., semicolons to separate commands). For example, suppose your script contains this line: 

system("ls $directory");

If the user passes the value "/tmp;cat /etc/passwd" as the $directory parameter, your password file is displayed because system( ) executes the following command: 

ls /tmp;cat /etc/passwd

In cases where you must pass user-supplied arguments to a shell command, use escapeshellarg( ) on the string to escape any sequences that have special meaning to shells: 

$cleaned_up = escapeshellarg($directory); system("ls $cleaned_up");

Now, if the user passes "/tmp;cat /etc/passwd", the command that's actually run is: 

ls '/tmp;cat /etc/passwd'

The easiest way to avoid the shell is to do the work of whatever program you're trying to call. Built-in functions are likely to be more secure than anything involving the shell.


Previous page
Table of content
Next page
Programming PHP
Programming PHP
ISBN: 1565926102
EAN: 2147483647
Year: 2007
Pages: 168
Authors: Rasmus Lerdorf, Kevin Tatroe
BUY ON AMAZON
Database Modeling with MicrosoftВ® Visio for Enterprise Architects (The Morgan Kaufmann Series in Data Management Systems)
Project Management JumpStart
Image Processing with LabVIEW and IMAQ Vision
Documenting Software Architectures: Views and Beyond
Managing Enterprise Systems with the Windows Script Host
Programming .Net Windows Applications
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy