Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/takuya/php-shell
php safer shell execution
https://github.com/takuya/php-shell
Last synced: 21 days ago
JSON representation
php safer shell execution
- Host: GitHub
- URL: https://github.com/takuya/php-shell
- Owner: takuya
- License: gpl-3.0
- Created: 2020-04-15T17:40:14.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2020-04-16T14:28:03.000Z (over 4 years ago)
- Last Synced: 2024-10-13T18:54:00.872Z (about 1 month ago)
- Language: PHP
- Homepage:
- Size: 19.5 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Examples
```php
$name = "takuya";
$ret = PHPShell::exec_command('echo $name', ['name'=>$name]);
```
Apparently, `$name` in `'echo $name` looks like php variable, but `$name` is as passed shell env variable.
# Compare to escapeshellarg
Quart is unfriendly for debugging.
```php
$name = "takuy'a;curl -h ";
$name = escapeshellarg($name); // -> "'takuy'\''a;curl -h '"
```
Long string arguments make code more difficult to read..
```php
$url = escapeshellarg("too long argument ..afasdfasdfasdfasdfawefadf");
$json = escapeshellarg(json_encode($object))
$cmd = 'curl -v -L $url -X POST --data $json';
var_dump($cmd);
```
Using Environment is more simple. And become more clear code what we will do.
```php
$env_vars = ['url'=>$url, 'json'=>$json];
foreach( $env_vars as $k=>$v ){
putenv("$k=$v");
}
$ret = shell_exec('curl -v -L $url -X POST --data $json');
```
For this reason, this library supports you to pass argument as Environment instead of raw string.
# Feature
Safer calling Shell Command. To avoid escaping Shell arguments , this library using ENV.
By using Env instead of escaping, shell command call become slightly safer and simpler to avoid shell command injection.
# since
- First release was 2008.