-
Notifications
You must be signed in to change notification settings - Fork 14
Expand file tree
/
Copy pathescapeshellcmd.xml
More file actions
72 lines (69 loc) · 2.35 KB
/
escapeshellcmd.xml
File metadata and controls
72 lines (69 loc) · 2.35 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
<?xml version="1.0" encoding="UTF-8"?>
<!-- splitted from ./it/functions/exec.xml, last change in rev 1.12 -->
<!-- last change to 'escapeshellcmd' in en/ tree in rev 1.2 -->
<!-- EN-Revision: n/a Maintainer: fernando Status: working -->
<!-- CREDITS: cortesi -->
<!-- OLD-Revision: 1.27/EN.1.2 -->
<refentry xml:id="function.escapeshellcmd" xmlns="http://docbook.org/ns/docbook">
<refnamediv>
<refname>escapeshellcmd</refname>
<refpurpose>Elude i metacaratteri della shell</refpurpose>
</refnamediv>
<refsect1>
&reftitle.description;
<methodsynopsis>
<type>string</type><methodname>escapeshellcmd</methodname>
<methodparam><type>string</type><parameter>command</parameter></methodparam>
</methodsynopsis>
<para>
<function>escapeshellcmd</function> elude ogni carattere di una stringa che
potrebbe essere usata per indurre un comando shell ad eseguire comandi
arbitrari. Questa funzione dovrebbe essere usata per assicurarsi che ogni dato
che giunga dall'input dell'utente venga neutralizzato prima di essere passato
a funzioni come <function>exec</function> o
<function>system</function> o all'<link
linkend="language.operators.execution">operatore backtick
</link>. Un modello d'utilizzo potrebbe essere:</para>
<para>
<informalexample>
<programlisting role="php">
<![CDATA[
<?php
$e = escapeshellcmd($userinput);
// qui non ci preoccupiamo se $e contiene spazi
system("echo $e");
$f = escapeshellcmd($filename);
// e qui lo facciamo, usando le virgolette
system("touch \"/tmp/$f\"; ls -l \"/tmp/$f\"");
?>
]]>
</programlisting>
</informalexample>
</para>
<para>
Vedere anche <function>escapeshellarg</function>, <function>exec</function>,
<function>popen</function>, <function>system</function> e <link
linkend="language.operators.execution">l'operatore backtick</link>.
</para>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->