...

View Full Version : Can't execute backquotes in safe mode



Charl
02-03-2003, 06:24 PM
Hello hello

I'm getting a php error saying "cannot execute backquotes in safe mode on line 59" The file doesnt need to be CHMOD does it?

http://www.charlatanz.com/a/netTools.swf
is the simple flash file and heres the code i'm using

<?php

$DomainIn = $HTTP_POST_VARS[DomainIn];
$MethodIn = $HTTP_POST_VARS[MethodIn];

// Just make sure a couple of variables do not have any values.
$Method = "";
$doThis = "";
$Domain = "";

// Make sure to replace all non essential characters
$Domain = ereg_replace("[^A-Za-z0-9\.\/\-]", "", $DomainIn);
$Method = ereg_replace("[^A-Za-z]", "", $MethodIn);

//Just an extra un-needed precaution.
$Domain = str_replace(";","",$Domain);
$Domain = str_replace("|","",$Domain);
$Method = str_replace(";","",$Method);
$Method = str_replace("|","",$Method);

// If statement checks to make sure both $Method and $MethodIn are the same,
// Just a way of making sure no characters where added.
if ($Method == $MethodIn && $Domain == $DomainIn && $Domain && $Method) {


if ($Method == "WhoisIn") {
$doThis = "whois";
}

if ($Method == "NSLookupIn") {
$doThis = "nslookup";
}

if ($Method == "DigIn") {
$doThis = "dig";
}

if ($Method == "TraceIn") {
$doThis = "traceroute";
}

if ($Method == "PingIn") {
$doThis = "ping";
}

if ($Method == "CalIn") {
$doThis = "cal";
}

if ($doThis && $Domain) {

print "&Result=";
// Pass the request to the Shell
$result = shell_exec("$doThis $Domain");

// Format everything else for Flash (some characters would mess up the display without the following).
$result = str_replace("&", "", $result);
$result = str_replace("%26", "", $result);
$result = str_replace("=", "%3D", $result);
$result = str_replace("%", "%25", $result);
$result = str_replace(";", "", $result);
$result = str_replace("#", "", $result);
$result = str_replace("<", "", $result);
$result = str_replace(">", "", $result);
print $result;
print "&Go=Yes&";

} else {
print "&Go=Yes&Result=You have either specified an incorrect domain name - or included a special character. Results are limited to sites with some what normal names";
}

} else {
print "&Go=Yes&Result=You have either specified an incorrect domain name - or included a special character. Results are limited to sites with some what normal names";
}
?>

has anyone got any ideas:(

Thanks

firepages
02-03-2003, 10:30 PM
shell_exec & backticks are disabled by default in safe mode.

you can try exec() or system() but I supect that they will have been disabled as well.

CHMOD file permissions etc wont affect anything you are doing here.

Jesh
02-05-2003, 06:04 AM
Hey

Try removing

$result = str_replace("=", "%3D", $result);

if shell_exec was disabled, wouldn't it give error on Line 54?

Just a thought

Jesh



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum