PHP Security, Part 2
Subject:   Somewhat far fetched...
Date:   2003-12-05 00:22:34
From:   anonymous2
This example is not really the most realistic at all. A beginning PHP programmer might get the idea that coding the following is a good idea for compressing a file:


$filename = $HTTP_POST_VARS['filename'];

exec("gzip $filename");


This presents the problem when the user types the following in the input of the HTML form:

/users/badguy/myfile.txt; rm *

Since the command will be run as the Apache user, it can do a lot of damage and remove many files. If the user guesses your machine runs Linux with a standard Apache installation, they might even add the path of the document root, thus removing the website altogether.

To prevent this kind of stuff, you must make sure to validate the data in some way. I use a function to make sure the data I get is of the anticipated length and escapes all shell commands:

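function clean($data, $maxlength) {

    // Truncate the input to the anticipated length
    $data = substr($data, 0, $maxlength);
    // Backslash-escape shell metacharacters such as ; | & *
    $data = escapeshellcmd($data);
    return $data;

}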

Use this and you will be a whole lot happier.
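
A stricter variant of the idea in the comment above, added here as an example and not part of the original post: it rejects over-long or unexpected names instead of truncating them, and quotes the value with escapeshellarg() so it reaches gzip as a single argument. UPLOAD_DIR and safe_gzip_command() are hypothetical names, and the directory path is an assumption.

```php
<?php
// Added example, not the commenter's code.
// UPLOAD_DIR and safe_gzip_command() are hypothetical names.

const UPLOAD_DIR = '/var/www/uploads';   // assumed: the only directory users may compress files in

/**
 * Build the gzip command line for a user-supplied file name.
 * Returns null when the input is rejected.
 */
function safe_gzip_command(string $input, int $maxlength = 255): ?string
{
    // Reject over-long input rather than silently truncating it.
    if ($input === '' || strlen($input) > $maxlength) {
        return null;
    }
    // Allowlist a bare file name: letters, digits, dot, underscore, hyphen.
    // No slashes, spaces or shell metacharacters; the first character may
    // not be a dot or hyphen, so the name cannot be read as an option.
    if (!preg_match('/\A[A-Za-z0-9_][A-Za-z0-9._-]*\z/', $input)) {
        return null;
    }
    $path = UPLOAD_DIR . '/' . $input;
    // escapeshellarg() quotes the value as ONE argument;
    // "--" tells gzip that no options follow.
    return 'gzip -- ' . escapeshellarg($path);
}

// Constructed sample inputs; the second is the string from the comment above.
$samples = ['report.txt', '/users/badguy/myfile.txt; rm *', 'notes 2003.txt'];

foreach ($samples as $s) {
    $cmd = safe_gzip_command($s);
    printf("%-36s => %s\n", var_export($s, true), $cmd ?? 'REJECTED');
    // A real handler would run it only here:
    // if ($cmd !== null) { exec($cmd, $output, $status); }
}

// For comparison: escapeshellcmd() backslash-escapes ; and * but leaves
// spaces alone, so the value still reaches gzip as several arguments.
echo escapeshellcmd('/users/badguy/myfile.txt; rm *'), "\n";
```

Running it with the PHP CLI prints the decision for each sample and the escapeshellcmd() form of the comment's input, without executing gzip.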
