securing a script that exec()s

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi.

I have a script that uses imagemagick's convert command on the commandline
to get it's work done.
These calls to exec('convert [params]') take params from the end-user via a
html form, so is very unsecure.

The intention is that the end-user only runs this script on localhost, from
localhost.

So now i'm checking $_SERVER['REMOTE_ADDR']===$_SERVER['SERVER_ADDR'] to
see if I can allow the script to be used.

But unfortunately, $_SERVER['REMOTE_ADDR'] is my external IP, and
$_SERVER['SERVER_ADDR'] is my internal IP.

How would I best fix this?
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux