Re: [PHP] securing a script that exec()s

2012-03-31 Thread tamouse mailing lists
On Fri, Mar 30, 2012 at 7:05 AM, David OBrien dgobr...@gmail.com wrote: Find a way to do it using PHP's imagemagick extensions http://php.net/manual/en/book.imagick.php On Fri, Mar 30, 2012 at 5:56 AM, rene7705 rene7...@gmail.com wrote: Hi. I have a script that uses imagemagick's convert

Re: [PHP] securing a script that exec()s

2012-03-31 Thread tamouse mailing lists
On Sat, Mar 31, 2012 at 1:37 AM, rene7705 rene7...@gmail.com wrote: escapeshellcmd() seems simplest. It might be if all you care about are shell meta characters, and admittedly it will save you from someone entering rm -rf / in your input field. But dealing with generic user input, even

[PHP] securing a script that exec()s

2012-03-30 Thread rene7705
Hi. I have a script that uses imagemagick's convert command on the command line to get its work done. These calls to exec('convert [params]') take params from the end-user via a html form, so is very unsecure. The intention is that the end-user only runs this script on localhost, from localhost.

Re: [PHP] securing a script that exec()s

2012-03-30 Thread Bastien
Bastien Koert On 2012-03-30, at 5:56 AM, rene7705 rene7...@gmail.com wrote: Hi. I have a script that uses imagemagick's convert command on the command line to get its work done. These calls to exec('convert [params]') take params from the end-user via a html form, so is very unsecure.

Re: [PHP] securing a script that exec()s

2012-03-30 Thread David OBrien
Find a way to do it using PHP's imagemagick extensions http://php.net/manual/en/book.imagick.php On Fri, Mar 30, 2012 at 5:56 AM, rene7705 rene7...@gmail.com wrote: Hi. I have a script that uses imagemagick's convert command on the command line to get its work done. These calls to

Re: [PHP] securing a script that exec()s

2012-03-30 Thread Peter Bauer
On Fri, Mar 30, 2012 at 11:56:41AM +0200, rene7705 wrote: ... But unfortunately, $_SERVER['REMOTE_ADDR'] is my external IP, and $_SERVER['SERVER_ADDR'] is my internal IP. How would I best fix this? Simply log on your box via ssh (if it's a unix system) and run your script from console or

Re: [PHP] securing a script that exec()s

2012-03-30 Thread David OBrien

Re: [PHP] securing a script that exec()s

2012-03-30 Thread rene7705
On Fri, Mar 30, 2012 at 3:16 PM, Peter Bauer p...@archivum.info wrote: On Fri, Mar 30, 2012 at 11:56:41AM +0200, rene7705 wrote: ... But unfortunately, $_SERVER['REMOTE_ADDR'] is my external IP, and $_SERVER['SERVER_ADDR'] is my internal IP. How would I best fix this? Simply log on

Re: [PHP] securing a script that exec()s

2012-03-30 Thread Mike Mackintosh
On Mar 30, 2012, at 9:25 AM, rene7705 wrote: On Fri, Mar 30, 2012 at 3:16 PM, Peter Bauer p...@archivum.info wrote: On Fri, Mar 30, 2012 at 11:56:41AM +0200, rene7705 wrote: ... But unfortunately, $_SERVER['REMOTE_ADDR'] is my external IP, and $_SERVER['SERVER_ADDR'] is my internal IP.