This function is identical to the backtick operator. It is not possible to detect execution failures using this function. In the above mc4-key generator.exe, a line break at the beginning of the gunzip output seemed to prevent shell_exec printing anything else.
Hope this saves someone else an hour or two. There are cases where you need the output to be logged somewhere else though. Using the above command still hangs web browser request. Be careful as to how you elevate privileges to your php script.
It’s a good idea to use caution and planing. It is easy to open up huge security holes. Here are a couple of helpful hints I’ve gathered from experimentation and Unix documentation. If you are running php as an Apache module in Unix then every system command you run is run as user apache. Unix won’t allow privileges to be elevated in this manner. If you need to run a system command with elevated privileges think through the problem carefully! You are absolutely insane if you decide to run apache as root.
You may as well kick yourself in the face. There is always a better way to do it. If you decide to use a SUID it is best not to SUID a script. SUID is disabled for scripts on many flavors of Unix. SUID scripts open up security holes, so you don’t always want to go this route even if it is an option. Write a simple binary and elevate the privileges of the binary as a SUID.
In my own opinion it is a horrible idea to pass a system command through a SUID– ie have the SUID accept the name of a command as a parameter. You may as well run Apache as root! As far as error checking on the last example. The system cannot find the path specified’. In any case it needs to be deleted before proceeding. Your account must have admin privileges. To change the account go to console services, right click on the Apache service, choose properties, and select the connection tab.
For capturing stdout and stderr, when you don’t care about the intermediate files, I’ve had better results with . This mimics the shell_exec behavior, plus gets you stderr. NULL if the executed command doesn’t output anything. Here we’re simply outputting blank whitespace if the command succeeds – which satisfies this slightly strange issue. I had trouble with accented caracters and shell_exec. The two lines were concatenated from the place where the accent was. Just adapt it to your language locale.
Note: The regular expression assumes a english version of Windows is in use. The Subversion error “svn: Can’t recode string” can be caused by the locale being wrong. I thought that I would mention it here. This happens on both Linux and Windows. I finally isolated the problem to changes that Eclipse makes to the environment when debugging. The fix is to force the ini setting. If you don’t need an ini then -n is sufficient.
Of course if you run it outside of the debugger then it works fine without the -n. You may want to use a debug flag to control this behavior. Just a quick reminder for those trying to use shell_exec on a unix-type platform and can’t seem to get it to work. Other wise, it won’t appear to be doing anything.
Note that the PATH may not be as complete as you need. 1″ to redirect it to STDOUT and catch it. I was having a similar problem with the PATH variable when using shell_exec. Even with a hard-coded full path to a binary, I also got an error about a . This combination destroys the string value returned from the call. A solution is to force a clean environment.