Getting Server data...

[nickbunyan]

I have a couple of complicated and sadly necessary Bash scripts which run on my host server.

What I want to do is use a form plugin to trigger one of these scripts, capture the output, and store the relevant data in one of my lists...

It is very likely - knowing my general incompetence - that there may be a a better way of achieving this using the Fabrik framework (php/Ajax/JS ???) so I am looking for advice please.

For reasons that are too complicated to go into, I am stuck with the Bash scripts. When they run they return an exit code and if sucessful, a filename. I want to process the bash script, report the error status if any, and store the filename in my list along with the rest of the form data.

It appears that the php plugin would do this but I can't get it to work even with a simple 'ls -l' bash script...

Any offers of a skeleton setup which works greatly appreciated. I have wasted a day bashing [sic] myself up and cannot get the plugin to do what I want. If I can get a Hello World version working, I can probably figure out the rest.

HELP please...

 

[cheesegrits]

It would help if you showed us your non working code.

Typically you would use ...

$output = shell_exec('ls -l');

... to execute a shell script and capture the output. But on many hosted servers, shell_exec() and exec() are disabled.

-- hugh

 

[nickbunyan]

Hi Hugh,
Thanks, your cogent and lucid suggestion is rapier accurate as usual... It seems as if the environment doesn't like exec/shell_exec despite being an 'intranet' host :-((
I will have to have a 'policy discussion' with the 'I want to have my cake and eat it' man who is running [sic] the project.
Closing for now, pending outcome of discussions...

 

[cheesegrits]

Allowing shell_exec() can be dangerous, yes, but typically only with poorly written or unsafe scripting.

The absolute golden rule is never, ever, ever, EVER allow user input in a shell_exec(). So doing this:

$dir = $_REQUEST['some_user_input_from_a_form'];
$result = shell_exec("ls -l $dir");

... would be a wide open screaming 5 alarm security problem.

The other issue is if you run any server side script with a security hole big enough to allow execution of arbitrary PHP (or whatever). But at that point, you are so screwed anyway, it makes little difference.

IMHO, after 30 years of systems admin, is that things like shell_exec() are a necessary evil, but as long as you maintain decent security practices, and it's on an intranet only server, inaccessible to the Great Unwashed of the Interwebz, you should be OK.

However, I know how hard it can be to convince systems admins of this. Which is fair enough, it's their job to resist anything that may be insecure. But it's also their job to provide an environment in which web based apps can do what they need to do.

-- hugh