58 lines
1.8 KiB
PHP
58 lines
1.8 KiB
PHP
<?php
|
|
|
|
/**
|
|
* This file is part of the Froxlor project.
|
|
* Copyright (c) 2003-2009 the SysCP Team (see authors).
|
|
* Copyright (c) 2010 the Froxlor Team (see authors).
|
|
*
|
|
* For the full copyright and license information, please view the COPYING
|
|
* file that was distributed with this source code. You can also view the
|
|
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
|
|
*
|
|
* @copyright (c) the authors
|
|
* @author Florian Lippert <flo@syscp.org> (2003-2009)
|
|
* @author Froxlor team <team@froxlor.org> (2010-)
|
|
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
|
|
* @package Functions
|
|
*
|
|
*/
|
|
|
|
/**
|
|
* Wrapper around the exec command.
|
|
*
|
|
* @param string $exec_string command to be executed
|
|
* @param string $return_value referenced variable where the output is stored
|
|
* @param array $allowedChars optional array of allowed characters in path/command
|
|
*
|
|
* @return string result of exec()
|
|
*/
|
|
function safe_exec($exec_string, &$return_value = false, $allowedChars = null) {
|
|
|
|
$disallowed = array(';', '|', '&', '>', '<', '`', '$', '~', '?');
|
|
|
|
$acheck = false;
|
|
if ($allowedChars != null && is_array($allowedChars) && count($allowedChars) > 0) {
|
|
$acheck = true;
|
|
}
|
|
|
|
foreach ($disallowed as $dc) {
|
|
if ($acheck && in_array($dc, $allowedChars)) continue;
|
|
// check for bad signs in execute command
|
|
if (stristr($exec_string, $dc)) {
|
|
die("SECURITY CHECK FAILED!\nThe execute string '" . $exec_string . "' is a possible security risk!\nPlease check your whole server for security problems by hand!\n");
|
|
}
|
|
}
|
|
|
|
// execute the command and return output
|
|
$return = '';
|
|
|
|
// -------------------------------------------------------------------------------
|
|
if ($return_value == false) {
|
|
exec($exec_string, $return);
|
|
} else {
|
|
exec($exec_string, $return, $return_value);
|
|
}
|
|
|
|
return $return;
|
|
}
|