Funciones de PHP que ejecutan comandos en el servidor

Contactar con el profesor

exec
passthru
popen
proc_open
shell_exec
`
system

<?php 
$user_input = "echo 'hello'";
procesa_user_input();

$user_input = escapeshellarg($user_input);
procesa_user_input();

$user_input = "echo 'hello'; echo 'bye!'";
procesa_user_input();

$user_input = "echo 'hello'; head -n 2 /etc/passwd;";
procesa_user_input();

$user_input = escapeshellarg($user_input);
procesa_user_input();

function procesa_user_input(){
	global $user_input;
	echo "Command: ".$user_input."<br/>";
	$result = exec($user_input);
	echo "Result: ".$result."<br/><br/>";
}
?>

sanitize_file_name

		
function sanitize_file_name($filename) {
	// Remove characters that could alter file path.
	// I disallowed spaces because they cause other headaches.
	// "." is allowed (e.g. "photo.jpg") but ".." is not.
	$filename = preg_replace("/([^A-Za-z0-9_\-\.]|[\.]{2})/", "", $filename);
	// basename() ensures a file name and not a path
	$filename = basename($filename);
	return $filename;
}
← COOKIES
MAX_FILE_SIZE →

Aviso Legal | Política de privacidad