55 lines
1.7 KiB
PHP
55 lines
1.7 KiB
PHP
<?php
|
|
|
|
/**
|
|
* This file is part of the Froxlor project.
|
|
* Copyright (c) 2003-2009 the SysCP Team (see authors).
|
|
* Copyright (c) 2010 the Froxlor Team (see authors).
|
|
*
|
|
* For the full copyright and license information, please view the COPYING
|
|
* file that was distributed with this source code. You can also view the
|
|
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
|
|
*
|
|
* @copyright (c) the authors
|
|
* @author Florian Lippert <flo@syscp.org> (2003-2009)
|
|
* @author Froxlor team <team@froxlor.org> (2010-)
|
|
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
|
|
* @package Functions
|
|
*
|
|
*/
|
|
|
|
/**
|
|
* Wrapper around the exec command.
|
|
*
|
|
* @param string exec_string String to be executed
|
|
*
|
|
* @return string The result of the exec()
|
|
*/
|
|
function safe_exec($exec_string, &$return_value = false) {
|
|
|
|
// check for bad signs in execute command
|
|
if ((stristr($exec_string, ';'))
|
|
|| (stristr($exec_string, '|'))
|
|
|| (stristr($exec_string, '&'))
|
|
|| (stristr($exec_string, '>'))
|
|
|| (stristr($exec_string, '<'))
|
|
|| (stristr($exec_string, '`'))
|
|
|| (stristr($exec_string, '$'))
|
|
|| (stristr($exec_string, '~'))
|
|
|| (stristr($exec_string, '?'))
|
|
) {
|
|
die('SECURITY CHECK FAILED!' . "\n" . 'The execute string "' . htmlspecialchars($exec_string) . '" is a possible security risk!' . "\n" . 'Please check your whole server for security problems by hand!' . "\n");
|
|
}
|
|
|
|
// execute the command and return output
|
|
$return = '';
|
|
|
|
// -------------------------------------------------------------------------------
|
|
if ($return_value == false) {
|
|
exec($exec_string, $return);
|
|
} else {
|
|
exec($exec_string, $return, $return_value);
|
|
}
|
|
|
|
return $return;
|
|
}
|