如何测试是否允许PHP system()函数? 并且出于安全原因没有关闭
[英]how to test if PHP system() function is allowed? and not turned off for security reasons
问题描述
I would like to know how to test if system() or exec() is allowed on a server. 
我想知道如何测试服务器上是否允许system()或exec()。 I keep getting this error "Warning: exec() has been disabled for security reasons in ..." 我一直收到此错误“警告:出于安全原因,exec()已被禁用...”
I understand that the safe_mode function is depreciated in the php version my provider runs (5.3.3) so i cant use a get_ini('safe_mode') check. 我知道safe_mode函数在我的提供程序运行的php版本中被折旧(5.3.3)所以我不能使用get_ini('safe_mode')检查。
What else to do? 还有什么可做的?
I use this for a backup script. 我用它作为备份脚本。 if the provider allows system, the script makes a tar file and mails it to me whenever a user logs in. 如果提供者允许系统,则脚本会生成一个tar文件,并在用户登录时将其邮寄给我。
Thanks in advance. 提前致谢。
4 个解决方案
解决方案1
10 已采纳 2010-10-27 13:44:42
Well, there's only two ways it can be disabled: safe_mode or disable_functions . 好吧,只有两种方法可以被禁用: safe_mode或disable_functions 。
So you can do a check like: 所以你可以做一个检查:
function isAvailable($func) {
if (ini_get('safe_mode')) return false;
$disabled = ini_get('disable_functions');
if ($disabled) {
$disabled = explode(',', $disabled);
$disabled = array_map('trim', $disabled);
return !in_array($func, $disabled);
}
return true;
}
Oh, and function_exists should return true, since it's a core function (otherwise you could forge a core function and cause some real havoc on a host)... Therefore is_callable should also return true (since the function does exist). 哦,并且function_exists应该返回true,因为它是一个核心函数(否则你可以伪造一个核心函数并对主机造成一些真正的破坏)...因此is_callable也应该返回true(因为函数确实存在)。 So the only ways to tell, are to check the ini settings, or to actually call it... 因此,唯一的方法是检查ini设置,或实际调用它...
Edit: One other thing to note, there are several of ways to execute shell commands. 编辑:另外需要注意的是,有几种方法可以执行shell命令。 Check out: 查看:
解决方案2
3 2010-10-27 13:44:50
Testing for disabled functions and the presence of safe mode as shown by @ircmaxell is arguably the easiest way to go. @ircmaxell所示的禁用功能测试和安全模式的存在可以说是最简单的方法。
If you want to find out 1000% reliably whether execution of system commands is possible - there may be security patches like Suhosin that block this on another level - try to exec() an external command that is bound to work on all systems (including Windows), and is extremely unlikely to fail even if user rights are very tight. 如果你想要可靠地找出1000%是否可以执行系统命令 - 可能有像Suhosin这样的安全补丁在另一个级别上阻止它 - 尝试exec()一个必须在所有系统上工作的外部命令(包括Windows) ),即使用户权限非常紧张,也极不可能失败。
Say 说
cd .
this should work (ie not return false , and return an error level code of 0 ) at least on all Linux, Windows and Unix flavours including OS X. 这应该工作(即不返回false ,并返回错误级别代码0 )至少在所有Linux,Windows和Unix风格包括OS X上。
解决方案3
0 2010-10-27 13:41:14
function_exists() doesn't works for this situation ? function_exists()不适用于这种情况?
http://fr.php.net/function_exists http://fr.php.net/function_exists
解决方案4
0 2010-10-27 13:44:21
exec() returns false if it fails, or a success message string if it succeeds... so the following should work: exec()如果失败则返回false,如果成功则返回成功消息字符串...因此以下内容应该有效:
if(!exec('cd .')){ die('ERROR: Exec is not available!!!'); }
Replacement for 'cd .' 替换'cd。' can be any function you know to work on the system. 可以是您知道在系统上工作的任何功能。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.