Приглашаем посетить
Лермонтов (lermontov-lit.ru)

Section B.2.  exec( )

Previous
Table of Contents
Next

B.2. exec( )

As described in Chapter 6, executing shell commands is a very dangerous operation, and the use of tainted data in the construction of a shell command creates a command injection vulnerability.

Try to avoid using shell command functions, but when you require them, be sure to use only filtered, escaped data in the construction of the command to be executed:

    <?php

    $clean = array();
    $shell = array();

    /* Filter Input ($command, $argument) */

    $shell['command'] = escapeshellcmd($clean['command']);
    $shell['argument'] = escapeshellarg($clean['argument']);

    $last = exec("{$shell['command']} {$shell['argument']}", $output, $return);

    ?>


Previous
Table of Contents
Next