This was an example I wrote this email really is not implemented anywhere. But thanks for observation.
If I decide to put it online. "think of this security issue? On 06/01/15 10:20, Gareth Nelson wrote: > my domain is: > ',); DROP mails;-- > > Sanitise your inputs > > --- > “Lanie, I’m going to print more printers. Lots more printers. One for > everyone. That’s worth going to jail for. That’s worth anything.” - > Printcrime by Cory Doctrow > > Please avoid sending me Word or PowerPoint attachments. > See http://www.gnu.org/philosophy/no-word-attachments.html > > On Mon, Jun 1, 2015 at 6:16 PM, Okupandolared <kan...@darkmail.mx> wrote: > >> Really you could use php to insert into mysql, >> >> but as I need to run ejabberdctl and smtpdctl. >> >> I thought it would do everything from bash >> >> I have no idea how it could call smtpctl from php, maybe you go look at >> python. >> >> On 06/01/15 10:09, Gareth Nelson wrote: >>> Why on earth are you using the shell to insert into MySQL? >>> >>> I would redesign this whole setup under the guidance of someone more >>> experienced to be honest, there's MANY mistakes you're making here, and >>> thus likely other mistakes >>> >>> --- >>> “Lanie, I’m going to print more printers. Lots more printers. One for >>> everyone. That’s worth going to jail for. That’s worth anything.†- >>> Printcrime by Cory Doctrow >>> >>> Please avoid sending me Word or PowerPoint attachments. >>> See http://www.gnu.org/philosophy/no-word-attachments.html >>> >>> On Mon, Jun 1, 2015 at 4:05 PM, Jiri B <ji...@devio.us> wrote: >>> >>>> On Mon, Jun 01, 2015 at 11:49:39AM -0500, Okupandolared wrote: >>>>> Hi, >>>>> >>>>> I have an web form. >>>>> >>>>> I need send of webform to script bash >>>>> >>>>> webform.html --> PHP proces --> create.sh >>>>> >>>>> create.sh >>>>> #!/bin/ksh >>>>> # Create user >>>>> >>>>> echo "hi!! your pass $1" >>>>> crypted="$(echo -n "$1" | smtpctl encrypt )" >>>>> maildir="$3/$2/" >>>>> echo -e "$2@$3" >> recipients >>>>> echo -e "$2@$3\t$crypted" >> credentials >>>>> echo "ejabberdctl register $2 $3 $1" >>>>> echo "INSERT INTO mails (userid, domain, password, maildir) VALUES >>>>> ('$2', '$3','$crypted', '$maildir');" | mysql -umyuser -mypass mail; >>>> >>>> Hoho, it won't run in chroot, smtpd doesn't have socket >>>> in chroot, same for ejabberctl. >>>> >>>> You need to have some lightweight communication >>>> "protocol" between chroot and an app outside which would >>>> sanitize input and do the work. >>>> >>>> j.
