PHP - in-data from AJAX call will not work in SYSTEM() - using bash same data works
This is driving me crazy!! Below are two scripts; both use system() to, one, unzip a data file and, two, restore a MySQL data file. I have given all data files 777 privileges so no permission problems. Here are the two scripts. In the case of the called script all echoes are commented out except for the last one (it being the return to AJAX success).
(I can't find anywhere what the return values of system() are.)
Run from command line: Return values 0 and 0.
This works fine.
Code:
<?php
// Test program to exercise system() function
set_include_path( '../include' );
error_reporting (E_ALL ^ E_NOTICE);
//$myBakup=trim($_POST['bakup']); // bakup file to restore - WILL NOT WORK IF INPUT FROM AJAX CALL IN SCRIPT
//$myDbase=trim($_POST['dbase']); // Mysql dbase - WILL NOT WORK IF INPUT FROM AJAX CALL IN SCRIPT
$myDbase="pizzidb"; // MySql database to restore
$hostname=gethostname();
$usr=substr($hostname, 0,strpos($hostname,"-") ); // whose computer is it?
$myDir="/home/".$usr."/DB-Web/".$myDbase."/"; // create absolute dir address
chdir($myDir); // go there to access bakup files
$myBakup="PIZZIDB_DUMP_06.20.14_17.15.00.sql.gz"; // the actual file to be restored input as string here for test purposes.
// if gzip file unzip it
if(preg_match('/\.gz$/', $myBakup, $newList)) {
    $command ="/bin/gunzip ".$myBakup;
    echo $command."\n\n";
    $bak_result = system($command, $retval); // bash command
    echo "bakresult\n".$retval."\n\n"; // if 0 OK
    $myBakup=substr($myBakup, 0, -3); // strip ".gz" from end of string($myBakup) since we just unzipped it
}
// Now open MySql with input being our $myBakup file to restore the database
$command ="/usr/bin/mysql --host='localhost' --user='rick' --password='rick' < ".$myBakup; // regardless of computer mysql user is 'rick'
echo "\n".$command;
$bak_result = system($command, $retval); // bash command
echo "\nbakresult2\n\n".$retval."\n\n"; // if 0 OK
echo $myBakup; // return text to calling script (AJAX call)
?>
Called from AJAX script inside .html program: Return values 1, 2
This does NOT work.
Code:
<?php
set_include_path( '../include' );
error_reporting (E_ALL ^ E_NOTICE);
// Called from DataBaseRestore.html via AJAX
$hostname=gethostname();
$usr=substr($hostname, 0,strpos($hostname,"-") ); // whose computer are we on
$myBakup=trim($_POST['bakup']); // bakup file to restore
$myDbase=trim($_POST['dbase']); // mysql database
$myDir="/home/".$usr."/DB-Web/".$myDbase."/";
chdir($myDir); // change to dir the file is in
// if gzip file unzip it
if(preg_match('/\.gz$/', $myBakup, $newList)) {
    $command ="/bin/gunzip ".$myBakup;
    echo "command ".$command."\n\n";
    $bak_result = system($command, $retval);
    echo "returnval ".$retval."\n\n";
    $myBakup=substr($myBakup, 0, -3); // take ".gz" from end of $myBakup since we just unzipped it
}
// Now open mysql with input being our $myBakup file thus restoring the database
$command ="/usr/bin/mysql --host='localhost' --user='rick' --password='rick' < ".$myBakup; // regardless of computer mysql user is 'rick'
echo "command ".$command."\n\n";
$bak_result = system($command, $retval);
echo "returnval ".$retval."\n\n";
echo $myBakup;
?>
Your script then executes that, deleting every file in the home directory of whatever user the web server is running as. That probably means your entire web root.
Your code is no doubt vulnerable to other attacks, but that was the one that came to mind immediately.
Try adding a level of security with escapeShellCmd, as in the following example:
Although I only use this in my home, not on the internet, I will look into this and add that security.
Having read another internet hint I have revised my PHP error detecting code.
I now check error.log and I am seeing no permission errors. Since all my data forms have 777 for permissions I am stumped. I am wondering if I should add my user name to the www-data group. Am I going off the path again?
The access rights of the script don't really matter; what matters is that it runs as the 'www-data' user, so it most likely is not allowed to manipulate your 'normal' user's files.
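The injection risk raised in the replies above, as an added example that is not part of the original thread: the `bakup` and `dbase` POST values are checked against an allowlist and the filename is quoted with escapeshellarg() (used here for the single argument, rather than escapeshellcmd) before any command string is built. The function names, allowlist patterns, option-file assumption and sample inputs are assumptions for illustration; the script only builds and prints the commands.

```php
<?php
// Added example: allowlist AJAX-supplied names before building shell commands.
// Function names, patterns and sample inputs are assumptions for illustration.

// Backup names such as PIZZIDB_DUMP_06.20.14_17.15.00.sql.gz: letters, digits,
// '_' and '.', starting with a letter or digit, ending in .sql or .sql.gz.
// The D modifier stops '$' from matching before a trailing newline.
function validBackupName(string $name): bool
{
    return preg_match('/^[A-Za-z0-9][A-Za-z0-9_.]*\.sql(\.gz)?$/D', $name) === 1;
}

// The database name also becomes a directory name, so no '/' or '.' at all.
function validDbName(string $name): bool
{
    return preg_match('/^[A-Za-z0-9_]+$/D', $name) === 1;
}

// Returns the commands to run, or null when either input is rejected.
function buildRestoreCommands(string $bakup, string $dbase): ?array
{
    if (!validBackupName($bakup) || !validDbName($dbase)) {
        return null;
    }
    $commands = [];
    if (substr($bakup, -3) === '.gz') {
        // '--' ends option parsing; escapeshellarg() quotes the one argument.
        $commands[] = '/bin/gunzip -- ' . escapeshellarg($bakup);
        $bakup = substr($bakup, 0, -3);
    }
    // Assumption: credentials come from a MySQL option file, not the command line.
    $commands[] = '/usr/bin/mysql --host=localhost < ' . escapeshellarg($bakup);
    return $commands;
}

// Constructed sample inputs: one well-formed pair, two that must be rejected.
$samples = [
    ['PIZZIDB_DUMP_06.20.14_17.15.00.sql.gz', 'pizzidb'],
    ['dump.sql.gz; echo INJECTED', 'pizzidb'],
    ['dump.sql', '../../etc'],
];
foreach ($samples as [$bakup, $dbase]) {
    $commands = buildRestoreCommands($bakup, $dbase);
    if ($commands === null) {
        echo "REJECTED: bakup=" . json_encode($bakup) . " dbase=" . json_encode($dbase) . "\n";
        continue;
    }
    echo implode("\n", $commands) . "\n";
}
```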