So let’s say we have the following code:

<?php
$str = addslashes($_GET['str']);
$cmd = 'sometool "'.$str.'"';
system($cmd);
?>
Is it secure? Can I escape from double quotes somehow? The operating system is Linux.
Purely theoretical consideration. I don’t use it in my code 😉
Answer
It’s not secure. You can still pass some arguments that will be malicious, i.e. execute other files on the system.

$var = '$(sh file.sh)';        // contains no quotes or backslashes, so addslashes() leaves it unchanged
$str = addslashes($var);
$cmd = 'sometool "'.$str.'"';  // inside double quotes the shell still performs $(...) substitution
system($cmd);
You should use the escapeshellarg method for escaping shell arguments.

$str = escapeshellarg($_GET['str']);  // wraps the value in single quotes and escapes any embedded '
$cmd = 'sometool ' . $str;            // no additional quoting around $str
system($cmd);
Note that you have to use the argument $str as it is and that it will be a single argument. You must not surround it with quotes ' or double quotes ".
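To make the difference concrete, here is an added example (not part of the original question or answer) that builds the command both ways and lets the shell echo back what the program actually received; the sample input is constructed, and the inert `$(echo ...)` stands in for any command substitution.

```php
<?php
// Added example: compare how the shell interprets an argument built with
// addslashes() versus escapeshellarg(). system() on Linux runs the string
// through /bin/sh, so the quoting rules of the POSIX shell apply.

function build_with_addslashes(string $input): string {
    // Same pattern as the question: backslash-escape quotes, then wrap in "...".
    // Double quotes do not stop the shell from expanding $(...), `...` or $VAR,
    // and addslashes() does nothing to those characters.
    return 'printf "%s\n" "' . addslashes($input) . '"';
}

function build_with_escapeshellarg(string $input): string {
    // escapeshellarg() wraps the value in single quotes and rewrites any
    // embedded single quote as '\''. Nothing inside single quotes is expanded,
    // so the whole value reaches the program as one literal argument.
    return 'printf "%s\n" ' . escapeshellarg($input);
}

// Constructed sample input standing in for $_GET['str'].
$input = 'hello $(echo SUBSTITUTED) it\'s "quoted"';

$commands = [
    'addslashes'     => build_with_addslashes($input),
    'escapeshellarg' => build_with_escapeshellarg($input),
];

foreach ($commands as $name => $cmd) {
    echo "--- $name ---\n";
    echo "command string: $cmd\n";
    echo "received by printf: ";
    system($cmd);  // prints the argument exactly as the program got it
}
```

With the addslashes() variant the shell performs the `$(...)` substitution and leaves a stray backslash before the apostrophe, so the output differs from the input; the escapeshellarg() variant prints the input unchanged.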