Samuel Vogel wrote:
Hey guys,

Actually I'm still looking for a way to block for example the exec() function without throwing an error! Since there seems to be no way to do this, without hacking the code of php, it seems like that is what I'll have to do...

Why do you have to do this and not your customers or their developers? Seems like you're going to have to run a cron script or something to check once a week in case someone uploads a new file with this stuff in it.

Do you people think it would be a good way to just look for where the exec() function is defined in the source and then just empty it out and let it return true or whatever value it normally returns?

Well it returns a string (see http://www.php.net/manual/en/function.exec.php) so it's hard to give a "default" answer because it depends on the context.

And could some of you devs, just give me a short hint where to look for example for the exec() function in the source, since I never looked into php?

If you're on a *nix box, you could do something like:

grep -nri '[^_]exec(' /path/to/folder/

and it will show you the files & line numbers you need to look at.

The [^_] means it skips pg_exec, curl_exec, stuff like that.

But you'll have to run a separate check for shell_exec (unless you want to play with the regex).

If you're on Windows, use the filters in the search area to do it.

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
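
An added example, not part of the original message: a shell function that does the check described in the reply in one pass, catching both exec( and shell_exec( while still skipping pg_exec and curl_exec, and also catching a call at the very start of a line. The function names, the choice to skip method calls such as ->exec(, and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit a PHP tree for direct exec()/shell_exec() calls.

# Match exec( or shell_exec( only when the name is not the tail of a
# longer identifier (pg_exec, curl_exec) and not a method call
# (->exec, ::exec). Whitespace before the parenthesis is allowed.
EXEC_PATTERN='(^|[^[:alnum:]_>:])(shell_exec|exec)[[:space:]]*\('

# scan_exec DIR: print file:line:text for each hit in *.php under DIR.
# -i because PHP function names are case-insensitive.
scan_exec() {
    find "$1" -type f -name '*.php' \
        -exec grep -nEiH "$EXEC_PATTERN" {} + || true
}

# make_sample DIR: write constructed sample files (not from the thread).
make_sample() {
    mkdir -p "$1/lib"
    cat > "$1/index.php" <<'EOF'
<?php
exec('ls', $out);
$r = pg_exec($conn, 'SELECT 1');
$s = Shell_Exec('id');
EOF
    cat > "$1/lib/db.php" <<'EOF'
<?php
curl_exec($ch);
$pdo->exec('DELETE FROM t');
if (true) { $x = exec ("uptime"); }
EOF
}

# Demo run on the constructed tree: three lines are reported.
tmp=$(mktemp -d)
make_sample "$tmp"
scan_exec "$tmp"
rm -rf "$tmp"
```

A text scan like this only finds literal call sites; it will not see calls made through variable function names or backticks.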