Edit report at https://bugs.php.net/bug.php?id=65203&edit=1
ID: 65203
Comment by: josh at servebyte dot com
Reported by: ryan at rmauger dot co dot uk
Summary: Please add a feature to report potentially dangerous
code examples in comments
Status: Open
Type: Feature/Change Request
Package: Website problem
Operating System: n/a
PHP Version: Irrelevant
Block user comment: N
Private report: N
New Comment:
Agreed. Even finding replies to comments is challenging. Replies to comments
should be under the related comment.
Previous Comments:
------------------------------------------------------------------------
[2013-07-04 12:58:57] ryan at rmauger dot co dot uk
Description:
------------
Please allow us to report potentially dangerous or irresponsible code examples
from the comments, such as the one below. They do nothing for the reputation of
PHP and could end up making their way into production servers of people still
learning their way in PHP.
Test script:
---------------
After trying extensively to make exec() work with various Windows Apache MySQL
PHP servers I found one that works flawlessly called AMPPS, and wrote this
script that lets you run command prompt commands from a browser. You can
essentially run ipconfig, ping, tasklist or any command you normally would
sitting in front of your computer running command prompt (cmd).
I'm running this on a Windows 7 32 box using Softaculous AMPPS.
<form action="" method="post">
  <textarea name="code" cols="50" rows="10"></textarea><br>
  <input type="submit" name="submit" value="Execute">
</form>
<?php
if (isset($_POST['submit'])) {
    // The submitted text reaches the shell unmodified, so anyone who can
    // load this page can run any command as the web server's user.
    $code = $_POST['code'];
    exec("$code", $output);
    echo '<pre>';
    print_r($output);
    echo '</pre>';
}
?>
------------------------------------------------------------------------
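For contrast with the reported script, a hardened form as an added example; it is not code from the bug report or from php.net. The form field names `diag` and `host`, the function `run_diagnostic()` and the `ALLOWED` table are assumptions made for illustration, and the page is assumed to sit behind authentication.

```php
<?php
// Added example: the form submits a key, never a command string.
// Fixed command lines; nothing outside this table (plus ping) can run.
const ALLOWED = [
    'ipconfig' => 'ipconfig',
    'tasklist' => 'tasklist',
];

function run_diagnostic(string $key, ?string $host = null): array
{
    if ($key === 'ping') {
        // The one user-supplied argument must parse as an IP address.
        if ($host === null || filter_var($host, FILTER_VALIDATE_IP) === false) {
            throw new InvalidArgumentException('host must be an IP address');
        }
        // -n is the Windows ping count flag, matching the Windows 7 setup above.
        $cmd = 'ping -n 1 ' . escapeshellarg($host);
    } elseif (array_key_exists($key, ALLOWED)) {
        $cmd = ALLOWED[$key];
    } else {
        throw new InvalidArgumentException('unknown diagnostic');
    }
    exec($cmd, $output, $status);
    return [$status, $output];
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    try {
        [$status, $lines] = run_diagnostic(
            (string)($_POST['diag'] ?? ''),
            isset($_POST['host']) ? (string)$_POST['host'] : null
        );
        // Encode command output before echoing it into HTML.
        echo '<pre>', htmlspecialchars(implode("\n", $lines), ENT_QUOTES, 'UTF-8'), '</pre>';
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
?>
```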