Posted by Schraalhans Keukenmeester on 05/25/07 20:35

At Fri, 25 May 2007 15:09:00 -0500, Matt F let his monkeys type:

> On Fri, 25 May 2007 19:08:42 +0100, Toby A Inkster
> <usenet200703@tobyinkster.co.uk> wrote: : Matt F wrote:
> :
> :
> : Think about:
> : http://example.com/ping.php?Count=;rm+-fr+~; :
>
> Sorry, but I don't follow. Please elaborate.
>
> Matt

Toby warns you that if you accept $_GET params like that, without
checking, you leave a door wide open for people to wreak havoc on your
server (the suggested paramters attempts to wipe everything on your
system. You can think up your own nightmare scenario here)

Better is to accept params, and construct/pick preselected commands based
on the input instead of passing $_GET vars literally as commands to the
OS.

What you are looking for is popen() or proc_open():

Example with ping:

$fp = popen("ping -c 20 -i 1 10.0.0.254","r"); // ping 20 times, interval
1 second
while (!feof($fp)) {
set_time_limit (20);
$results = fgets($fp, 256);
if (strlen($results) == 0) {
// stop the browser timing out
echo " ";
flush();
} else {
$tok = strtok($results, "\n");
while ($tok !== false) {
echo htmlentities(sprintf("%s\n",$tok))."<br/>"; flush();
$tok = strtok("\n");
}
}
// avoid a busy wait
sleep(1);
}
?>

This works on my system, running Linux. (example from user contributed
notes with popen() function in PHP online manual)

HTH
Sh.

[Back to original message]