This method is limited to PHP running on POSIX systems
The functions such assystem
,popen
, whether in the context of PHP or C & POSIX, are never meant to take synthesized command strings. So the thinking process of designing such a function should begin with a constant-valued command string.
Next, PHP does provide the capability to set individual environment variables like C (though not unsetting them afterwards), and this capability is largely immune to injection-related attacks. So we can build a command that takes environment variables, assemble a command vector, then invokeexec
shell built-in command.
Here's the full code:
<?php
$spawncmd = <<<'EOF'
set --
n=0
while [ $n -lt $execargc ] ; do
eval "set -- \"\$@\" \"\$execarg$n\""
unset -v execarg$n
n=$((n+1))
done
unset -v execargc
exec "$@"
EOF;
// Invokes external program and return its output.
function spawn($args)
{
global $spawncmd;
putenv("execargc=".count($args));
for($i=0; $i<count($args); $i++)
putenv("execarg$i=".$args[$i]);
$ret = shell_exec($spawncmd);
putenv("execargc=");
for($i=0; $i<count($args); $i++)
putenv("execarg$i=");
return $ret;
}
// Invokes external program and return its exit status.
function catspawn($args)
{
global $spawncmd;
putenv("execargc=".count($args));
for($i=0; $i<count($args); $i++)
putenv("execarg$i=".$args[$i]);
$ret = null;
passthru($spawncmd, $ret);
putenv("execargc=");
for($i=0; $i<count($args); $i++)
putenv("execarg$i=");
return $ret;
}
// Argument vector version of popen.
function pspawn($args, $mode)
{
global $spawncmd;
putenv("execargc=".count($args));
for($i=0; $i<count($args); $i++)
putenv("execarg$i=".$args[$i]);
$ret = popen($spawncmd, $mode);
putenv("execargc=");
for($i=0; $i<count($args); $i++)
putenv("execarg$i=");
return $ret;
}
Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.
Find the answer in similar questions on our website.
Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.
PHP (from the English Hypertext Preprocessor - hypertext preprocessor) is a scripting programming language for developing web applications. Supported by most hosting providers, it is one of the most popular tools for creating dynamic websites.
The PHP scripting language has gained wide popularity due to its processing speed, simplicity, cross-platform, functionality and distribution of source codes under its own license.
https://www.php.net/
Welcome to the Q&A site for web developers. Here you can ask a question about the problem you are facing and get answers from other experts. We have created a user-friendly interface so that you can quickly and free of charge ask a question about a web programming problem. We also invite other experts to join our community and help other members who ask questions. In addition, you can use our search for questions with a solution.
Ask about the real problem you are facing. Describe in detail what you are doing and what you want to achieve.
Our goal is to create a strong community in which everyone will support each other. If you find a question and know the answer to it, help others with your knowledge.