Newsgroups: php.internals
Date: Fri, 9 May 2003 10:23:48 +0100
Message-ID: <002b01c3160c$b574b890$0100a8c0@desktop>
Subject: php_escape_shell_cmd
From: jc@firststopinternet.com ("Jamison Charlesworth")

Hi

I am thinking of making a mod to this to help people using scripts on my virtual servers.

At present when in SAFE_MODE the pipe '|' and redirect '<' '>' entries are escaped, and the reasons for this are well understood.

However, I am thinking that if the executable is in safe_mode_exec_dir and the command being 'piped' to is also in the safe_mode_exec_dir then this would be safe to allow.

Also, if a file being redirected via < or > is within the DOCUMENT_ROOT then this should also be allowed.

Any views on this?

Regards,
Jamie.
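Both conditions in the proposal above depend on one test: whether a path really resolves inside an allowed directory once `..` components and symlinks are followed. The C function below is an added example, not part of the original post and not PHP source; `path_is_under` is a hypothetical helper, and its `base` argument stands in for `safe_mode_exec_dir` or `DOCUMENT_ROOT`.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical helper, not a PHP internals function. Returns 1 only when
 * `path` resolves to `base` or something below it; every failure denies. */
static int path_is_under(const char *base, const char *path)
{
    char rbase[PATH_MAX], rpath[PATH_MAX], parent[PATH_MAX];
    struct stat st;
    size_t blen, dlen, used;

    if (!realpath(base, rbase))
        return 0;                      /* the allowed directory must exist */
    if (!realpath(path, rpath)) {
        /* A '>' target may not exist yet. If something does exist at that
         * name (e.g. a dangling symlink), refuse rather than guess. */
        const char *slash = strrchr(path, '/');
        const char *leaf = slash ? slash + 1 : NULL;
        if (lstat(path, &st) == 0 || !leaf || *leaf == '\0' ||
            !strcmp(leaf, ".") || !strcmp(leaf, ".."))
            return 0;
        dlen = (slash == path) ? 1 : (size_t)(slash - path);
        if (dlen >= sizeof(parent))
            return 0;
        memcpy(parent, path, dlen);
        parent[dlen] = '\0';
        if (!realpath(parent, rpath))  /* resolve the parent directory */
            return 0;
        used = strlen(rpath);
        if (used + strlen(leaf) + 2 > sizeof(rpath))
            return 0;
        if (rpath[used - 1] != '/')
            rpath[used++] = '/';
        strcpy(rpath + used, leaf);    /* re-attach the new file name */
    }
    /* Compare whole components: "/srv/www" must not match "/srv/www2". */
    blen = strlen(rbase);
    if (blen == 1)
        return 1;                      /* base resolved to "/" */
    return strncmp(rbase, rpath, blen) == 0 &&
           (rpath[blen] == '\0' || rpath[blen] == '/');
}
```

The answer only describes the filesystem at the moment of the call; a shell that opens the file later can still be raced, so the check narrows the exposure without closing it.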