PHP - How to Know If Server Allows Shell_Exec

PHP - How to know if server allows shell_exec

First check that it's callable and then that it's not disabled:

is_callable('shell_exec') && false === stripos(ini_get('disable_functions'), 'shell_exec');

This general approach works for any built in function, so you can genericize it:

function isEnabled($func) {
    return is_callable($func) && false === stripos(ini_get('disable_functions'), $func);
}
if (isEnabled('shell_exec')) {
    shell_exec('echo "hello world"');
}

Note to use stripos, because PHP function names are case insensitive.

PHP exec - check if enabled or disabled

if(function_exists('exec')) {
    echo "exec is enabled";
}

shell_exec does not work on the server

The actual problem that persisted was the fact that there is a Linux Security module called SE-Linux(Security-Enhanced Linux) was enforced on my machine which provides a mechanism for supporting access control security policies, like MAC. It does not allow commands like shell_exec be executed by users other than the ones who have the permission to, like root user.

To get the the status of SE-Linux type in your shell sestatus or getenforced. It has 3 modes:

1) Enforcing: SE-Linux policy is enforced. SE-Linux denies access based on SE-Linux policy rules.

2)Permissive: SE-Linux policy is not enforced. SE-Linux does not deny access, but denials are logged for actions that would have been denied if running in enforcing mode.

3)Disabled: SE-Linux is disabled.

Hope this helps others, who might get stuck because of this.

shell_exec() and IF usage

It is only executed once. Specifically when you call the shell_exec function, NOT when you use the $cmd variable, which holds the results of the function.

Have a look at the documented return value of the function - http://php.net/manual/en/function.shell-exec.php

The output from the executed command

In other words, your code doesn't need the line $cmd; so could be rewritten like so:

$cmd = shell_exec("echo Hello!"); //command is fired here
if(strpos($cmd, 'Hello!') !== false) {
    // $cmd contains 'Hello!'
}

running shell_exec in php causes web server to hang

shell_exec — Execute command via shell and return the complete output as a string

shell_exec expects the file handle to be open, but you redirect everything to /dev/null and detach it.

As you plan to detach the process and remove all the output, you should use exec() and escapeshellcmd()

see: http://www.php.net/manual/en/function.exec.php

How to check if a shell command exists from PHP

On Linux/Mac OS Try this:

function command_exist($cmd) {
    $return = shell_exec(sprintf("which %s", escapeshellarg($cmd)));
    return !empty($return);
}

Then use it in code:

if (!command_exist('makemiracle')) {
    print 'no miracles';
} else {
    shell_exec('makemiracle');
}

Update:
As suggested by @camilo-martin you could simply use:

if (`which makemiracle`) {
    shell_exec('makemiracle');
}

Related Topics

How to Allow a User to Download a File Which Is Stored Outside of the Webroot

Laravel Join Tables

Where to Use MySQL_Real_Escape_String to Prevent SQL Injection

Http Header for Downloading Microsoft Word and Excel Files

How to Get/Set Session_Id() or Should It Be Generated Automatically

PHP Get Height and Width in PDF File Proprieties

PHP JSON or Array to Xml

Use of Undefined Constant Stdin - Assumed 'Stdin' in C:\Wamp\Www\Study\Sayhello.PHP on Line 5

PHP Nested Include Behavior

PHP Binding a Wildcard

Phpmailer Attachment

Paypal Multiple Ipn Setup

Using PHP, How to Insert Text Without Overwriting to the Beginning of a Text File

Add X Days to Date, Excluding Weekends

PHP Twitter Replace Link and Hashtag with Real Link

Upload File with PHP and Save Path to SQL

Regex to Match Words or Phrases in String But Not Match If Part of a Url or Inside <A> </A> Tags. (Php)

Sharing PHP Session ($_Session) Across Multiple Domain


Leave a reply



Submit