When safe_mode enabled, wrong operation shell_exec function in php 5.3 and before
Joungkyun opened this issue · 0 comments
Joungkyun commented
In php 5.3 and before, safe_mode does not work in shell_exec, even if safe_mode setting is enabled.
Test Code:
<?php
if ( ini_get ('safe_mode') > 0 ) {
shell_exec('ls -al');
}
?>Expected Result:
Warning: Cannot execute using backquotes in Safe Mode in test.php on line 3
Actual Result:
Total 232
drwxr-xr-x 5 root root 4096 2017-01-10 04:21 .
drwxr-xr-x 12 root root 4096 2017-01-10 04:21 ..
drwxr-xr-x 8 root root 4096 2017-01-10 04:02 .git
-rw-r--r-- 1 root root 292 2016-06-19 22:56 .gitignore
-rw-r--r-- 1 root root 8273 2016-06-23 04:21 README.ko.md
-rw-r--r-- 1 root root 7215 2017-01-10 00:50 README.md
-rw-r--r-- 1 root root 39 2017-01-10 04:21 a.php
-rw-r--r-- 1 root root 749 2017-01-10 00:50 config.m4
-rw-r--r-- 1 root root 12525 2017-01-10 01:59 execdirapi.c
-rw-r--r-- 1 root root 1580 2017-01-10 00:50 execdirapi.h
-rw-r--r-- 1 root root 313 2016-06-19 22:56 init.sh
-rw-r--r-- 1 root root 3396 2017-01-10 04:01 package.xml
drwxr-xr-x 2 root root 4096 2017-01-10 00:50 patches
-rw-r--r-- 1 root root 23415 2017-01-10 03:59 php_execdir.c
-rw-r--r-- 1 root root 3026 2017-01-10 00:50 php_execdir.h
-rw-r--r-- 1 root root 26721 2016-06-19 22:56 proc_open.c
-rw-r--r-- 1 root root 27951 2016-06-20 02:22 proc_open5.c
-rw-r--r-- 1 root root 29271 2016-06-20 04:01 proc_open53.c
-rw-r--r-- 1 root root 34410 2017-01-10 02:32 tags
drwxr-xr-x 2 root root 4096 2017-01-10 03:16 tests