Shell Commands - PHP
Be very wary of using the exec( ), system( ), passthru( ), and popen( )
functions and the backtick (`) operator in your code. The shell is a
problem because it recognizes special characters (e.g., semicolons to
separate commands). For example, suppose your script contains this line:
system("ls $directory");
If the user passes the value "/tmp;cat /etc/passwd" as the $directory parameter, your password file is displayed because system( ) executes the following command:
ls /tmp;cat /etc/passwd
In cases where you must pass user-supplied arguments to a shell command, use escapeshellarg( ) on the string to escape any sequences that have special meaning to shells:
$cleaned_up = escapeshellarg($directory);
system("ls $cleaned_up");
Now, if the user passes "/tmp;cat /etc/passwd", the command that's actually run is:
ls '/tmp;cat /etc/passwd'
The easiest way to avoid the shell is to do the work of whatever program you're trying to call in PHP itself. Built-in functions (for example, scandir( ) instead of ls) are likely to be more secure than anything involving the shell, because no command line is ever parsed.
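The three approaches discussed above side by side, as an added example that is not part of the original post: the hostile value is the same constructed one used in the text, the base directory /tmp and the helper names are assumptions, and the unsafe variant only builds the command string rather than running it.

```php
<?php
// Added example (not from the original post): three ways to handle a
// user-supplied directory name, from dangerous to preferred.

// Constructed hostile input, the same shape as the one discussed above.
$directory = '/tmp;cat /etc/passwd';

// 1. Unsafe: the value is interpolated verbatim, so the shell sees two
//    commands separated by ';'. Only the string is built here, never run.
function build_unsafe_command(string $dir): string {
    return "ls $dir";
}

// 2. Shell still used, but escapeshellarg() wraps the whole value in
//    single quotes, so the shell treats it as one literal argument.
//    Returns ls's exit status; the quoted string is not a real path,
//    so ls fails instead of a second command being executed.
function list_with_escaped_shell(string $dir): int {
    exec('ls ' . escapeshellarg($dir), $output, $status);
    return $status;
}

// 3. No shell at all: resolve the path, make sure it really is a
//    directory under an allowed base, then use the built-in scandir().
function list_with_builtin(string $dir, string $base = '/tmp'): array {
    $real = realpath($dir);
    $baseReal = rtrim(realpath($base), '/') . '/';
    if ($real === false || !is_dir($real)
        || strpos($real . '/', $baseReal) !== 0) {
        throw new InvalidArgumentException('directory not allowed');
    }
    return array_values(array_diff(scandir($real), ['.', '..']));
}

echo build_unsafe_command($directory), PHP_EOL;   // ls /tmp;cat /etc/passwd
echo list_with_escaped_shell($directory), PHP_EOL; // non-zero: no such file
try {
    print_r(list_with_builtin($directory));
} catch (InvalidArgumentException $e) {
    // realpath() returns false for the hostile value, so nothing runs.
    echo $e->getMessage(), PHP_EOL;
}
```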