Sender: dgobr...@gmail.com Subject: Re: [PHP] securing a script that exec()s Message-Id: <CAF=yD_3efQkA_kz169ooYQ2z7g=g75sjghadnvw+irjzp8q...@mail.gmail.com> Recipient: adam.nicho...@hl.co.uk
______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________
--- Begin Message ---Find a way to do it using PHP's imagemagick extensions http://php.net/manual/en/book.imagick.php On Fri, Mar 30, 2012 at 5:56 AM, rene7705 <rene7...@gmail.com> wrote: > Hi. > > I have a script that uses imagemagick's convert command on the commandline > to get it's work done. > These calls to exec('convert [params]') take params from the end-user via a > html form, so is very unsecure. > > The intention is that the end-user only runs this script on localhost, from > localhost. > > So now i'm checking $_SERVER['REMOTE_ADDR']===$_SERVER['SERVER_ADDR'] to > see if I can allow the script to be used. > > But unfortunately, $_SERVER['REMOTE_ADDR'] is my external IP, and > $_SERVER['SERVER_ADDR'] is my internal IP. > > How would I best fix this? >
--- End Message ---
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
