Are shell instructions bad? Are shell instructions bad?
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

Are shell instructions bad?

Started by trippinsweet, June 22, 2006, 06:17:19 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

trippinsweet

Just a query... I'm new to the idea of developing tools for everyones use rather than just my own personal use.

So would it be considered bad form to have a coppermine function execute a shell script?

Currently, I implemented zip downloads of albums by calling the zip function through exec() in php. Is this a bad idea?
I'm wondering what kind of problems I might encounter using it.

Oh and I have code of the zipdownloads function which I'll be happy to release... if its safe to.

Tranz

hmm.. I don't think it's bad in itself, but not a lot of people will be able to use it since not everybody has shell access. So if your goal is for everyone to use your tools, you'll have to find a way that doesn't require exec. :)

Abbas Ali

The shell will be safe if the web server setup has been done correctly (i.e. user permissions and other such things). Also the command which is executed should be validated and well sanitized. If these guidelines are followed then it is safe to execute shell commands.
Chief Geek at Ranium Systems

trippinsweet

Great. Then I'll release my mod soon.

Granted not everyone (especially people on shared hosting) will be able to use it, but if you're on your own dedicated box you should have no problem installing the linux zip binaries.

I personally think that a function that allows you to download whole albums is very useful.