PHP shell input sanitizing
Question
I want input of alphanumeric string (sha1 - git commit ID). Is sanitizing with regexp /[^a-z0-9]/ , using preg_replace with blank string enough to safely pass it to shell?
1 answers
solution1
1 ACCPTED 2015-06-02 18:02:32
You're on the right track. You can use [^0-9a-f] instead of [^0-9a-z] to prevent someone from passing a non-hexadecimal character.
$arg = preg_replace('/[^0-9a-f]/', '', $arg);
if (strlen($arg) === 40) {
// We have a SHA-1 hash
shell_exec("git checkout {$arg}");
}
In general cases, escapeshellarg() is what you want to use, but narrowing it down further for your specific use-case is a good idea as well.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Validating and Sanitizing user input in PHP
PHP input GET vars sanitizing
Sanitizing PHP input to ping program
What are the best PHP input sanitizing functions?
Sanitizing input for SQL queries in Adodb for PHP
PHP / MYSQL: Sanitizing user input - is this a bad idea?
PHP Sanitizing a cookie with filter_input_array INPUT_COOKIE
php - Sanitizing text input using HTMLPurifier - then redisplaying - apostrophe issue
Sanitizing HTML Input with Trix
Sanitizing Integer Database Input
Related Tags