Funciones de PHP que ejecutan comandos en el servidor

exec
passthru
popen
proc_open
shell_exec
`
system

<?php 
$user_input = "echo 'hello'";
procesa_user_input();

$user_input = escapeshellarg($user_input);
procesa_user_input();

$user_input = "echo 'hello'; echo 'bye!'";
procesa_user_input();

$user_input = "echo 'hello'; head -n 2 /etc/passwd;";
procesa_user_input();

$user_input = escapeshellarg($user_input);
procesa_user_input();

function procesa_user_input(){
 global $user_input;
 echo "Command: ".$user_input."<br/>";
 $result = exec($user_input);
 echo "Result: ".$result."<br/><br/>";
}
?>

sanitize_file_name

  
function sanitize_file_name($filename) {
 // Remove characters that could alter file path.
 // I disallowed spaces because they cause other headaches.
 // "." is allowed (e.g. "photo.jpg") but ".." is not.
 $filename = preg_replace("/([^A-Za-z0-9_\-\.]|[\.]{2})/", "", $filename);
 // basename() ensures a file name and not a path
 $filename = basename($filename);
 return $filename;
}