escapeshellcmd

Name
escapeshellcmd — Escapes all of the shell metacharacters and control operators within a string.

Description
escapeshellcmd() reduces the risks involved in allowing user input to be passed to the shell, by escaping all metacharacters and control operators with backslashes. PHP considers the following characters to be metacharacters and/or control operators.
For more information on metacharacters, control operators, and using shells with strings, consult the documentation (e.g., the man pages) on your server.

Warning
Including user input as part of a shell command almost always has some associated risk. While escapeshellcmd() and escapeshellarg() provide some protection against certain types of attacks, you should always be careful when combining shell commands and user input.

Example
Example 1095. Rescue your shell from certain peril

<?php
/* Let's pretend that $nasty was posted from a form by a malicious user.
   The first command in the string is an argument to be appended to a shell
   command. The second command in the string finds the sh shell and attempts
   to make a copy of it that's disguised as an ordinary PHP temp file. The
   final command sets permissions that make the copy of the shell run as the
   user that PHP runs as.

   If malicious users have or gain login access to the server, they can use
   their copy of the shell to run as the same user as PHP and the same group
   as the group owner of /tmp (often group wheel). Using this access, they
   would probably be able to compromise the files in other users' web
   directories and may be able to use their new access to force their way
   into other accounts. Given enough time, they may even be able to
   compromise root.

   Once again, be careful! Including user data in shell commands is fraught
   with danger - in short, a task best left to bearded, belted, and
   suspendered UNIX gurus. */
$nasty = 'yak; cp `whereis sh` /tmp/phpmNod8W; chmod 6775 /tmp/phpmNod8W';
$nicer = escapeshellcmd($nasty);

// Use 2>&1 to redirect standard error to standard output.
// This will let the errors be displayed along with any command output.
passthru("finger $nicer 2>&1");
?>

Example 1096. Display the characters that escapeshellcmd() escapes

<table border="1" cellpadding="4" cellspacing="0">
<?php
$format = '<tr align="center"><td>%s</td><td>%s</td><td>%s</td></tr>' . "\n";
printf($format, 'ASCII', 'Character', 'Escaped');
for ($ord = 0; $ord < 256; ++$ord) {
    // Current PHP releases refuse a NUL byte (PHP 8 throws a ValueError),
    // so skip code 0 when running this on anything newer than PHP 4.
    if ($ord === 0) {
        continue;
    }
    $chr = chr($ord);
    $esc = escapeshellcmd($chr);
    // Print a row only for characters that escapeshellcmd() actually changes.
    $chr != $esc and printf($format, $ord, $chr, $esc);
}
?>
</table>
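The following is an added example, not code from the book: it contrasts what escapeshellcmd() and escapeshellarg() each do to the $nasty string above, and puts a validation step in front of the shell call so that a bad value never reaches it. The helper names and the login-name pattern are assumptions for this example, not PHP APIs.

```php
<?php
// Added example (not from the book). escapeshellcmd() backslash-escapes the
// metacharacters but leaves the whitespace alone, so the shell still splits
// the result into several words and finger receives several arguments.
function cmd_with_escapeshellcmd(string $user): string
{
    return 'finger ' . escapeshellcmd($user) . ' 2>&1';
}

// escapeshellarg() wraps the whole value in single quotes (escaping any
// embedded single quote), so finger receives it as exactly one argument and
// none of it is interpreted by the shell.
function cmd_with_escapeshellarg(string $user): string
{
    return 'finger ' . escapeshellarg($user) . ' 2>&1';
}

// Validation before escaping: reject anything that does not look like a
// login name at all. The pattern is an assumption about what this
// application accepts; adjust it to the account naming rules of your system.
function build_finger_command(string $user): string
{
    if (!preg_match('/^[a-z_][a-z0-9_-]{0,31}$/', $user)) {
        throw new InvalidArgumentException('invalid user name');
    }
    return cmd_with_escapeshellarg($user);
}

// The book's sample of hostile form input.
$nasty = 'yak; cp `whereis sh` /tmp/phpmNod8W; chmod 6775 /tmp/phpmNod8W';

// Compare the two escaped command lines side by side.
echo cmd_with_escapeshellcmd($nasty), "\n";
echo cmd_with_escapeshellarg($nasty), "\n";

// The validated builder refuses the hostile value outright ...
try {
    echo build_finger_command($nasty), "\n";
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// ... and passes an ordinary login name through as a single quoted argument.
echo build_finger_command('torben'), "\n";
```

Run it from the command line and compare the two echoed lines: only the escapeshellarg() form keeps the hostile text inside one quoted argument, and only the validated builder refuses it before any command is assembled.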
PHP Functions Essential Reference. Copyright © 2002 by New Riders Publishing
(Authors: Zak Greant, Graeme Merrall, Torben Wilson, Brett Michlitsch).
This material may be distributed only subject to the terms and conditions set forth
in the Open Publication License, v1.0 or later (the latest version is presently available at
http://www.opencontent.org/openpub/).
The authors of this book have elected not to choose any options under the OPL. This online book was obtained
from http://www.fooassociates.com/phpfer/
and is designed to provide information about the PHP programming language, focusing on PHP version 4.0.4
for the most part. The information is provided on an as-is basis, and no warranty or fitness is implied. All
persons and entities shall have neither liability nor responsibility to any person or entity with respect to
any loss or damage arising from the information contained in this book.