PHP/Utility Function/escapeshellcmd
Содержание
Escaping shell metacharacters
<source lang="html4strict">
<?php system("ls -al ".escapeshellarg($directory)); system(escapeshellcmd($ls_program)." -al"); ?>
</source>
Escaping User Input with the escapeshellcmd() Function
<source lang="html4strict">
<html> <head> <title>Escaping user input with the escapeshellcmd() function</title> </head> <body>
<form action="<?php print $PHP_SELF ?>" method="post">
<input type="text" value="<?php print $_REQUEST["manpage"] ?>" name="manpage" />
</form>
<?php if ( isset( $_REQUEST["manpage"] ) ) { $manpage = escapeshellcmd( $_REQUEST["manpage"] ); system( "man $manpage | col -b" ); } ?>
</body> </html>
</source>
Executing df and displaying the results
<source lang="html4strict">
<?php exec(escapeshellcmd("df"),$output_lines,$return_value); echo ("Command returned a value of $return_value."); echo "</pre>"; foreach ($output_lines as $output) {
echo "$o";
} echo "</pre>"; ?>
</source>
string escapeshellcmd ( string command ) escapes special characters in shell commands
<source lang="html4strict">
$_GET["search"] = escapeshellcmd($_GET["search"]);
passthru("grep {$_GET["search"] /var/www/meetinglogs/*"); </source>