Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New Coder
    Join Date
    Jun 2002
    Posts
    40
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question Can't execute backquotes in safe mode

    Hello hello

    I'm getting a php error saying "cannot execute backquotes in safe mode on line 59" The file doesnt need to be CHMOD does it?

    http://www.charlatanz.com/a/netTools.swf
    is the simple flash file and heres the code i'm using

    <?php

    $DomainIn = $HTTP_POST_VARS[DomainIn];
    $MethodIn = $HTTP_POST_VARS[MethodIn];

    // Just make sure a couple of variables do not have any values.
    $Method = "";
    $doThis = "";
    $Domain = "";

    // Make sure to replace all non essential characters
    $Domain = ereg_replace("[^A-Za-z0-9\.\/\-]", "", $DomainIn);
    $Method = ereg_replace("[^A-Za-z]", "", $MethodIn);

    //Just an extra un-needed precaution.
    $Domain = str_replace(";","",$Domain);
    $Domain = str_replace("|","",$Domain);
    $Method = str_replace(";","",$Method);
    $Method = str_replace("|","",$Method);

    // If statement checks to make sure both $Method and $MethodIn are the same,
    // Just a way of making sure no characters where added.
    if ($Method == $MethodIn && $Domain == $DomainIn && $Domain && $Method) {


    if ($Method == "WhoisIn") {
    $doThis = "whois";
    }

    if ($Method == "NSLookupIn") {
    $doThis = "nslookup";
    }

    if ($Method == "DigIn") {
    $doThis = "dig";
    }

    if ($Method == "TraceIn") {
    $doThis = "traceroute";
    }

    if ($Method == "PingIn") {
    $doThis = "ping";
    }

    if ($Method == "CalIn") {
    $doThis = "cal";
    }

    if ($doThis && $Domain) {

    print "&Result=";
    // Pass the request to the Shell
    $result = shell_exec("$doThis $Domain");

    // Format everything else for Flash (some characters would mess up the display without the following).
    $result = str_replace("&", "", $result);
    $result = str_replace("%26", "", $result);
    $result = str_replace("=", "%3D", $result);
    $result = str_replace("%", "%25", $result);
    $result = str_replace(";", "", $result);
    $result = str_replace("#", "", $result);
    $result = str_replace("<", "", $result);
    $result = str_replace(">", "", $result);
    print $result;
    print "&Go=Yes&";

    } else {
    print "&Go=Yes&Result=You have either specified an incorrect domain name - or included a special character. Results are limited to sites with some what normal names";
    }

    } else {
    print "&Go=Yes&Result=You have either specified an incorrect domain name - or included a special character. Results are limited to sites with some what normal names";
    }
    ?>


    has anyone got any ideas

    Thanks

  • #2
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,073
    Thanks
    11
    Thanked 98 Times in 96 Posts
    shell_exec & backticks are disabled by default in safe mode.

    you can try exec() or system() but I supect that they will have been disabled as well.

    CHMOD file permissions etc wont affect anything you are doing here.
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)

  • #3
    Registered User
    Join Date
    Feb 2003
    Posts
    43
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hey

    Try removing

    $result = str_replace("=", "%3D", $result);

    if shell_exec was disabled, wouldn't it give error on Line 54?

    Just a thought

    Jesh


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •