Re: securing a script that exec()s


 



Sender: dgobrien@xxxxxxxxx
Subject: Re:  securing a script that exec()s
Message-Id: <CAF=yD_3efQkA_kz169ooYQ2z7g=g75sJGHAdNVw+irJZp8qPMw@xxxxxxxxxxxxxx>
Recipient: adam.nicholls@xxxxxxxx


--- Begin Message ---
Find a way to do it using PHP's imagemagick extensions

http://php.net/manual/en/book.imagick.php

On Fri, Mar 30, 2012 at 5:56 AM, rene7705 <rene7705@xxxxxxxxx> wrote:

> Hi.
>
> I have a script that uses imagemagick's convert command on the command line
> to get its work done.
> These calls to exec('convert [params]') take params from the end-user via a
> html form, so it is very insecure.
>
> The intention is that the end-user only runs this script on localhost, from
> localhost.
>
> So now I'm checking $_SERVER['REMOTE_ADDR']===$_SERVER['SERVER_ADDR'] to
> see if I can allow the script to be used.
>
> But unfortunately, $_SERVER['REMOTE_ADDR'] is my external IP, and
> $_SERVER['SERVER_ADDR'] is my internal IP.
>
> How would I best fix this?
>

--- End Message ---
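
The reply's suggestion, sketched as an added example that is not part of the original thread: the form parameters are validated against allowlists and numeric ranges and passed to the Imagick extension as typed arguments, so no shell command line is ever built from user input. `IMAGE_DIR`, the form field names (`file`, `format`, `width`, `height`, `rotate`) and the numeric limits are assumptions made for illustration.

```php
<?php
// Added example: hypothetical handler replacing exec('convert ...') with the Imagick extension.
// IMAGE_DIR, the form field names and the limits below are assumptions, not from the thread.
const IMAGE_DIR = '/var/www/app/images';   // assumed fixed working directory
const FORMATS   = ['png', 'jpeg', 'gif'];  // output formats the form may request

function int_param(array $in, string $key, int $min, int $max): int
{
    // Rejects missing values, arrays, non-integers and out-of-range numbers.
    $v = filter_var($in[$key] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    if ($v === false) {
        throw new InvalidArgumentException("bad value for $key");
    }
    return $v;
}

function convert_image(array $in): string
{
    // File name: allowlisted characters only, so no directory separators or ':' prefixes.
    $name = $in['file'] ?? '';
    if (!is_string($name) || !preg_match('/^[A-Za-z0-9_-]+\.(png|jpe?g|gif)$/', $name)) {
        throw new InvalidArgumentException('bad file name');
    }
    $format = $in['format'] ?? '';
    if (!in_array($format, FORMATS, true)) {
        throw new InvalidArgumentException('bad format');
    }
    $width  = int_param($in, 'width', 1, 4000);
    $height = int_param($in, 'height', 1, 4000);
    $rotate = int_param($in, 'rotate', 0, 359);

    $img = new Imagick(IMAGE_DIR . '/' . $name);
    $img->resizeImage($width, $height, Imagick::FILTER_LANCZOS, 1);
    $img->rotateImage(new ImagickPixel('white'), $rotate);
    $img->setImageFormat($format);
    $img->stripImage();                     // drop embedded metadata and profiles
    $out = IMAGE_DIR . '/out_' . pathinfo($name, PATHINFO_FILENAME) . '.' . $format;
    $img->writeImage($out);
    $img->clear();
    return $out;
}

try {
    echo convert_image($_POST), "\n";
} catch (InvalidArgumentException | ImagickException $e) {
    error_log('convert rejected: ' . $e->getMessage());  // details go to the log only
    http_response_code(400);
    echo "request rejected\n";
}
```
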