|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2009-05-21 18:09 UTC] giosp at panozzo dot it
[2009-11-19 10:14 UTC] vrana@php.net
[2009-11-19 10:15 UTC] svn@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2026 The PHP GroupAll rights reserved. |
Last updated: Tue Jun 16 17:00:01 2026 UTC |
Description: ------------ In the documentation of system(), exec(), shell_exec(), popen(), passthru() and other external proces execution function there should be the following notes: 1. All these functions does not execute the requested process directly: they execute a shell (cmd.exe ? bash ? which criteria is used ? %COMSPEC% in windows ?). 2. Executing the standard CMD.EXE in windows is not possible when running as a non administrator user, so these function will fail in a standard IIS environment, where the current PHP script is executed as ISUR_MACHINENAME 3. The only secure way to execute a process in windows bypassing cmd.exe, is to use the proc_open() function with the option "bypass_shell" Reproduce code: --------------- --- From manual page: function.system --- <?php passthru("ping www.hp.com"); ?> Expected result: ---------------- A typical ping output Actual result: -------------- Warning: passthru() [function.passthru]: Unable to fork [ping www.hp.com] in C:\Inetpub\wwwroot\prova.php on line 2