Safely executing shell scripts; escaping vars before execution.
- by Kirzilla
Hello,
Let's imagine that we have a simple PHP script that should get ssh_host, ssh_username, ssh_port from the $_GET array and try to connect to SSH using these parameters.
$port = escapeshellcmd($_GET['ssh_port']);
$host = escapeshellcmd($_GET['ssh_host']);
$username = escapeshellcmd($_GET['ssh_username']);
$answer = shell_exec("ssh -p "…
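
An added example, not part of the original post: one way to build the same `ssh` command line by validating each `$_GET` value first and then quoting it as a single argument with `escapeshellarg()`. The function name `build_ssh_command()`, the username pattern, and the sample requests are assumptions made for illustration.

```php
<?php
// Added example, not from the post. build_ssh_command() and the username
// pattern are assumptions chosen for illustration.
function build_ssh_command(array $in): string
{
    // Port: integer in the TCP range, nothing else.
    $port = filter_var($in['ssh_port'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65535]]);
    if ($port === false) {
        throw new InvalidArgumentException('invalid ssh_port');
    }

    // Host: an IP literal or an RFC-style hostname. Both checks reject
    // whitespace and a leading "-", so the value cannot be read as an option.
    $host = $in['ssh_host'] ?? '';
    if (!is_string($host)
        || (filter_var($host, FILTER_VALIDATE_IP) === false
            && filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) === false)) {
        throw new InvalidArgumentException('invalid ssh_host');
    }

    // Username: assumed POSIX-style account name, max 32 characters.
    $user = $in['ssh_username'] ?? '';
    if (!is_string($user) || preg_match('/\A[a-z_][a-z0-9_-]{0,31}\z/i', $user) !== 1) {
        throw new InvalidArgumentException('invalid ssh_username');
    }

    // escapeshellarg() quotes each value as exactly one shell word;
    // escapeshellcmd() only backslash-escapes metacharacters and leaves spaces
    // alone, so it does not keep a value in one argument. "--" ends ssh options.
    return sprintf('ssh -p %d -l %s -- %s',
        $port, escapeshellarg($user), escapeshellarg($host));
}

// Constructed sample requests (stand-ins for $_GET).
$samples = [
    ['ssh_port' => '22', 'ssh_host' => 'host.example.org', 'ssh_username' => 'deploy'],
    ['ssh_port' => '22', 'ssh_host' => 'host.example.org extra', 'ssh_username' => 'deploy'],
    ['ssh_port' => '70000', 'ssh_host' => '192.0.2.10', 'ssh_username' => 'deploy'],
];
foreach ($samples as $s) {
    try {
        echo build_ssh_command($s), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Validation comes before quoting because quoting only keeps a value in one argument; it does not decide whether that argument is an acceptable host, port, or account name.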