The title is a little vague, I believe. But my english's not good, so I'm lacking of an better one.
I'm currenty writing a tool that also executes the composer.phar from the source code.
So when installing some stuff with composer.phar it sometimes asks questions and wants additional input, like desired format or simples Y/N questions.
When I use exec() it seems that it's not possible to react to those questions.
So I wondered how I can achieve this with PHP.
Any ideas?
Update
To show an simple example, I do this:
exec("php /Users/johannesklauss/Development/web/composer.phar create-project symfony/framework-standard-edition /Users/johannesklauss/Development/web/Symfony 2.1.x-dev");
Problem here is that the composer at the and asks if it should keep the version control history:
Do you want to remove the existing VCS (.git, .svn..) history? [Y,n]?
So I need to type in y or n to the console. But that's not possible with exec. So I need some interactive mode or what.
One word of caution: look for flags you can send to the initial command to "auto answer". You have no real guarantees about what question composer.phar will ask or the order it will ask them. It should be considered a "hack" and the normal reaction in our brains should apply with all it's caution and context, etc...
Anyway, I think what you'll need is proc_open(), which let's you start a process and have access to the stdin and stdout for it. See the Example #1 code on that doc page, it's very close to what you likely need.
Once you have access to the stdin/stdout resources for the process, you can read from/write to them however you like. The good news is that this will let you "read" the prompt and at LEAST double-check that it's asking what you expect it to be asking (and e.g. throw an exception if you don't recognize the prompt)
Related
I'm attempting to implement some quality control on a project, and I've removed all warnings for my project according to a specific profile in the PhpStorm code inspector. Now I want to set up an automated check (maybe a git hook or Jenkins job) so that people don't add additional warnings.
Basically, what I need to do is to run PhpStorm's code > inspect functionality from the command line.
It appears that, by default, PhpStorm uses some kind of internal code inspection tool when I run code > inspect code. It has plugins for PHP Code Sniff and others, but I don't really want to use those. For example, PHP Code Sniff finds all kinds of spacing errors and such (it's a linter, after all), but it doesn't detect things like passing the wrong number of arguments to method signatures (i.e. the stuff I really care about).
So, is there any way to run PhpStorm's code inspection external to PhpStorm?
Hmmm...
Looks like posting this question may have given me the clarity I needed to search for the correct answer. Looks like there's a way to do this outlined in the PHPStorm documentation:
https://www.jetbrains.com/help/phpstorm/command-line-code-inspector.html
There is a console program for morphological analysis of text https://tech.yandex.ru/mystem/.
Work with the program from the console is simple:
./mystem -lwd in.txt out.txt
I need to carry out a morphological analysis of the text by means of PHP, use the exec () function is impossible.
The easiest way, using PHP to write text to a file, then using a bash script and cron to analyze and save into another file.
But I would like a more convenient option as a PHP function mystem (string, param).
Compile and install extensions I can, but do not know how to write them.
I think the problem is very simple, because maybe someone is faced with the decision of this problem is the "fish"?
Total my question is, Does anyone have a ready solution where you can change only the name of the console program and the expansion will be ready? Thank U!
Is there any way to get JavaScript to run apt-get install gimp on the user's computer when on a link click so that, The user will know the software is being installed.
I've tried googling it.
If there is no way of doing this, please say as after a day, I will mark it as the answer.
there is link shortcut for that on ubuntu :
gimp
but it does not install automatically, it just launch the package manager
Few answers above mention that if it exists, then it will be unsafe.
But the fact is that there is an existing solution already for ubuntu and its safe too.
The mechanism is called apturl. see here:
https://help.ubuntu.com/community/AptURL
https://wiki.ubuntu.com/AptUrl
It is supported by firefox, konqueror atleast. It needs "apturl" package to be installed(which is installed by default ). When user click on apt-url link as shown in answer above by #atrepp , then the defult package launcher will start to install with asking for appropriate authorization(password), as if you would have clicked in "Ubuntu Software Center". Its completely safe as much as you would have installed via "Ubuntu Software Center" or "apt-get" directly.
And i am confident that no such solution exists for RHEL or SuSE.
If this would be possible, it would be a huge security issue! Just imagine a similar link, but running something like rm -rf ~... As far as I know, JavaScript in browsers has no support for child process creation.
On the other hand, Java is able to create child processes (as your apt-get), so you might use a (signed) Java applet for this; in that case, the user will be prompted to authorize the applet to run, to make him aware of the potential security risk.
if you could do that I will never use the internet because it will be full of spams.
javascript and all the client side scripts have very limited privileges, so making a shell command is impossible
Hmm No, It is not possible to run a shell command on the clients computer directly from JavaScript. Sure there are JavaScript shell functions but they are limited to what they can do. But under no circumstance does a client side code on the web has the authority to access a root level command such as apt-get install.
You could possibly write a python/ruby/perl script that does that. Have the user download it and execute it manually.
Aside from that I'm sorry buddy, its simply not possible (at least from what I've read throughout the years on the web).
I am trying to display the images in the pdf document that I uploaded to the server as hyperlinks in php so that if user clicks on them they will get the corresponding document.
Please help me ,Thanks in advance!
Use pdfimages, which comes with the open-source xpdf software package (for *nix operating systems). You'll have to call it through exec or the like, then work with the output from PHP. I am not aware of any PHP library that provides this functionality, so you're going to have to experiment.
EDIT
You mentioned that you aren't experienced with PHP... I thought I'd add that this isn't a quick-and-easy type of task, you certainly aren't going to find a bunch of tutorials around the internet for this.
To get started, you'll have to install the xpdf package on your server. There's a lot of different ways to do this depending on which OS you've got.
After that is set up, you'll be using a command line to execute a program on your server; you'll want to capture the output of that command in PHP and work with it further. So initially, you'll want to work out exactly what your command line will look like as well as what the output looks like and means - do this from command line, don't worry about the PHP part yet. In this case, your output is going to be a list of the image files extracted from a given PDF, you're command line call will look something like "pdfimages mypdf.pdf". Play around, find out what happens.
After you work out exactly what command line you need to send and what the command does, you can focus on the PHP angle. In a nutt shell, you want PHP to execute the exact command that you've already worked out. Look at the manual for exec for information on how to call a command line and get the output back. Write your script to make the correct call and show the call's output.
Next, move on to doing something with that output. I presume you'll want to somehow store the extracted images in a web-accessible place, put them in the database, show them to the user, etc. That is the very last stage after you've worked out the initial steps.
Good luck!
Hello I have a couple questions about PHP exec() and passthru().
1)
I never used exec() in PHP but I have seen it is sometimes used with imagemagick. I am now curious, what is some other common uses where exec is good in a web application?
2)
About 6 years ago when I first started playing around with PHP I did not really know anything, just very basic stuff and I had a site that got compromised and someone setup there own PHP file that was using the passthru() function to pass a bunch of traffic throught my site to download free music or video and I got hit with a 4,000$ bandwidth charge from my host! 6 years later, I know soo much more about how to use PHP but I still don't know how this ever happened to me before. How can someone beable to add a file to my server through bad code?
1] Exec() is really useful when you:
A) Want to run a program/utility on the server that php doesn't have a command equivalent for. For example ffmpeg is common utility run via an exec call (for all sorts of media conversion).
B) Running another process - which you can block or NOT block on - that's very powerful. Sometimes you qant a pcnt_fork though, or similar, along with the correct CL args for non blocking.
C) Another example is when I have to process XSLT 2.0 - I have to exec() a small java service I have running to handle the transformations. Very handy. PHP doesn't support XSLT 2.0 transformations.
2] Damn that's a shame.
Well, lots of ways. Theres a family of vulnerability called, "remote file include vulns", that basically allow an attacker to include arbitrary source and thus execute it on your server.
Take a look at: http://lwn.net/Articles/203904/
Also, mentioned above, say your doing something like (Much simplified):
exec("someUnixUtility -f $_GET['arg1']");
Well, imagine the attacker does, url.come?arg1="blah;rm -rf /", your code will basically boil down to:
exec("someUnixUtility -f blah; rm -rf /");
Which in unix, you separate commands w/the ; So yeah - that could be a lot of damage.
Same with a file upload, imagine you strip the last four chars (.ext), to find the extension.
Well, what about something like this "exploit.php.gif", then you strip the extension, so you have exploit.php and you move it into your /users/imgs/ folder. Well, all the attacker has to do now is browse to users/imgs/exploit.php and they can run any code they want. You've been owned at that point.
Use exec or when you want to run a different program.
The documentation for passthru says:
Warning
When allowing user-supplied data to be passed to this function, use escapeshellarg() or escapeshellcmd() to ensure that users cannot trick the system into executing arbitrary commands.
Someone had probably found a security hole in your script which allowed them to run arbitrary commands. Use the given functions to sanitise your inputs next time. Remember, nothing sent from the client can ever be trusted.
exec() allows you to use compiled code that is on your server, which would run faster than php, which is interpreted.
So if you have a large amount of processing that needs to be done quickly, exec() could be useful.