
Topic awaiting preservation: Using Exec() etc....

H][RO
Paranoid (IV) Inmate

From: Australia
Insane since: Oct 2002

posted 09-06-2006 14:01

One of those days with lots of questions!


Okay, basically I need to use ImageMagick on my server, so I need to use exec() or shell_exec() or system() so I can run the convert commands.

This is ALL I need exec for.


Basically, what is the safest way to do this? Is there some way to restrict it so exec can only run the convert program?

Keep in mind
- Although I am on shared hosting, I have full access to make my own PHP.ini files and settings. I can turn safe mode on/off, the whole hog.
- The only user input coming into the exec script itself is image quality, which I can safely handle.
- I'm not too worried about the exec being abused where I am using it, more if they can inject PHP code and use exec wherever they want (which I'm guessing is pretty hard).

Also, what's the difference between exec/shell_exec/system - I have read up and one runs a program, one runs it in a shell etc., but I'm not quite sure about the different effects this has.

If I have to leave safe mode on and only allow exec to run, this is fine etc. (if that's possible).


I have googled it but I'm finding it hard to find relevant results, so any help would be great - thanks!

Tyberius Prime
Maniac (V) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 09-06-2006 15:21

All you need to do is secure the string you're passing to exec.

If it's always exec ( command static file A, static File B, image quality), a simple
$imageQuality = intval ($imageQuality);
$imageQuality = min ( 100, max ( 0, $imageQuality ) );

should be enough.

so long,

->Tyberius Prime
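
Added example, not part of either post: the clamp from the reply above wired into a full exec() call where the quality value is the only variable part of the command line. The binary path, file paths and function names are hypothetical placeholders, and wrapping the fixed arguments in escapeshellarg() is an extra precaution that the reply does not mention.

```php
<?php
// Added example, not code from the thread. All paths are hypothetical placeholders.
const CONVERT_BIN = '/usr/bin/convert';            // assumed location of ImageMagick's convert
const SOURCE_IMG  = '/path/to/static/source.jpg';  // placeholder for "static file A"
const TARGET_IMG  = '/path/to/static/target.jpg';  // placeholder for "static file B"

// The clamp from the reply: intval() discards everything after the leading
// digits, then min/max pin the result to the 0..100 range.
function clampQuality($raw): int
{
    return min(100, max(0, intval($raw)));
}

// Build the command line. Only an integer between 0 and 100 is ever
// interpolated; the fixed parts are quoted so a path with spaces stays one argument.
function buildConvertCommand($rawQuality): string
{
    return escapeshellarg(CONVERT_BIN)
        . ' ' . escapeshellarg(SOURCE_IMG)
        . ' -quality ' . clampQuality($rawQuality)
        . ' ' . escapeshellarg(TARGET_IMG);
}

// Run it and check the exit status instead of assuming success.
function runConvert($rawQuality): bool
{
    $output = [];
    $status = 1;
    exec(buildConvertCommand($rawQuality) . ' 2>&1', $output, $status);
    if ($status !== 0) {
        error_log('convert failed: ' . implode("\n", $output));
    }
    return $status === 0;
}

// Constructed sample inputs: in range, out of range, and with trailing junk.
// Only the command string is printed here; runConvert() is not called
// because the paths above are placeholders.
foreach (['85', '250', '-3', '75; echo injected', 'abc'] as $sample) {
    echo str_pad(var_export($sample, true), 24), ' => ',
         buildConvertCommand($sample), PHP_EOL;
}
```

Every sample ends up as a plain integer between 0 and 100 in the command string, so shell metacharacters in the request never reach the shell.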

H][RO
Paranoid (IV) Inmate

From: Australia
Insane since: Oct 2002

posted 09-06-2006 15:28

Great, thanks,

So exec is the best one to use for this? I'll see if I can just have exec enabled rather than have the others enabled since I don't need them.
