PHP/Utility Function/escapeshellcmd

Материал из Web эксперт
Перейти к: навигация, поиск

Escaping shell metacharacters

 
<?php
system("ls -al ".escapeshellarg($directory));
system(escapeshellcmd($ls_program)." -al");
?>



Escaping User Input with the escapeshellcmd() Function

 
<html>
<head>
<title>Escaping user input with the escapeshellcmd() function</title>
</head>
<body>
<div>
<form action="<?php print $PHP_SELF ?>" method="post">
<p>
<input type="text" value="<?php print $_REQUEST["manpage"] ?>" name="manpage" />
</p>
</form>
<pre>
<?php
if ( isset( $_REQUEST["manpage"] ) ) {
  $manpage = escapeshellcmd( $_REQUEST["manpage"] );
  system( "man $manpage | col -b" );
}
?>
</pre>
</div>
</body>
</html>



Executing df and displaying the results

 
<?php
exec(escapeshellcmd("df"),$output_lines,$return_value);
echo ("Command returned a value of $return_value.");
echo "</pre>";
foreach ($output_lines as $output) {
    echo "$o";
}
echo "</pre>";
?>



string escapeshellcmd ( string command ) escapes special characters in shell commands

 
$_GET["search"] = escapeshellcmd($_GET["search"]);
    passthru("grep {$_GET["search"] /var/www/meetinglogs/*");
Источник — «http://wbex.ru/index.php?title=PHP/Utility_Function/escapeshellcmd&oldid=1559»