I am using the shell_exec for a few things. It's very useful, but it also seems like it could be a malicious intruder's dream to be able to pass a variable to it.
I was just wondering what types of security issues I should keep in mind when using the shell_exec function.
Any suggestions, tips, techniques?
Thanks in advance for any response.
shell_exec() and Security
Avoid user input in shell commands. If unavoidable, triple-check and filter the input.
escapeshellarg() and esp. escapeshellcmd() are useful for that purpose.
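The filter-then-escape advice above, as an added example that is not part of the original thread: user input is checked against an allow-list before it is escaped with escapeshellarg() and placed into a fixed command. The function name `count_lines_command`, the upload directory and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example; count_lines_command() and $uploadDir are hypothetical names.

/**
 * Build a shell command that counts the lines of a user-named file.
 * Returns the command string, or null when the input is rejected.
 */
function count_lines_command(string $userFile, string $uploadDir = '/var/app/uploads'): ?string
{
    // 1. Filter: allow-list, not deny-list. Bare file name only: no path
    //    separators, no whitespace, no shell metacharacters, no leading
    //    dot or dash. \A and \z anchor the whole string, so a trailing
    //    newline cannot slip through the way it can with ^ and $.
    if (!preg_match('/\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\z/', $userFile)) {
        return null;
    }

    $path = $uploadDir . '/' . $userFile;

    // 2. Escape: escapeshellarg() single-quotes the value so the shell
    //    treats it as exactly one argument. The command name and options
    //    are fixed strings and never come from the user.
    // 3. "--" ends option parsing as defence in depth: escaping alone
    //    does not stop a value that starts with "-" from being read as
    //    an option by the called program.
    return 'wc -l -- ' . escapeshellarg($path);
}

// Constructed sample inputs: one legitimate name and four that must be rejected.
$samples = ['report.txt', 'a.txt; id', '../etc/passwd', '-rf', "x\ny"];

foreach ($samples as $s) {
    $cmd = count_lines_command($s);
    printf("%-18s => %s\n", json_encode($s, JSON_UNESCAPED_SLASHES), $cmd ?? 'REJECTED');
}

// Only a non-null result would be handed on, e.g. shell_exec($cmd).
```

escapeshellcmd() applied to a whole command string escapes metacharacters but leaves spaces alone, so user input can still add extra arguments; escaping each argument individually with escapeshellarg() avoids that.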