0

I would like to run and store the value returned from a python script, in response to certain admin actions.

I've tried a bunch of suggested solutions but the only method that has worked for me is:

$python_script_path = get_template_directory() . '/hello.py';

$python_command = 'C:\Users\fluxian\AppData\Local\Microsoft\WindowsApps\python.exe ' . escapeshellarg($python_script_path);

ob_start();
passthru($python_command . ' dog');
$output = ob_get_contents();
ob_end_clean();

echo $output; // Hello dog

Which seems dirty, but if it works it works. I don't want to hard-code the location to a python install though. Is there a way to figure out where python is actually installed dynamically, instead of relying on hard-coding its location?

Whenever I run shell_exec or exec I get an error saying that python is not a recognised command. I assume the shell php is calling is not the cmd that Windows is exposing? Fixing that seems like a neater solution, if anyone knows how.

Improve this question

1 Answer 1

Reset to default
2

Which seems dirty, but if it works it works. I don't want to hard-code the location to a python install though. Is there a way to figure out where python is actually installed dynamically, instead of relying on hard-coding its location?

There's several options:

  1. Put the python executable in PATH so that the path is unnecessary and it can be shortened to just python ...args..
  2. Pass the path in an environment variable, but this requires pre-configuring at a server level
  3. Pass it via a config file outside of the public dir, again requires server specific file
  4. Query the python file via a HTTP request and rely on a python web server to execute your query
  5. You may be tripped up by the working directory, which might change depending on how and where you make the request to WordPress.
  6. Read in the return code from python, right now there is no error handling code

Note though that executing shell scripts is one of the most dangerous things you can do and these functions are explicitly disabled on some hosts for that reason. This code will be flagged by most code quality/security scanning tools as a result.

Some further notes:

  • Move your python application outside your theme, ideally outside your servers publicly accessible folders, otherwise someone could hit that python URL directly and execute/read/download the contents
  • Assemble your command in 1 step so that it can be escaped all at once, don't append extra arguments afterwards

Whenever I run shell_exec or exec I get an error saying that python is not a recognised command. I assume the shell php is calling is not the cmd that Windows is exposing? Fixing that seems like a neater solution, if anyone knows how.

At this point you've moved beyond the world of WordPress and have a generic PHP question. But the answer depends enormously on how your server is set up. E.g. if you're using a docker based environment then that path won't work and you'll need to make sure a python install is present inside the container. If you're using a tool such as WP Studio or wp-now then there is no python ( and no PHP either! That tool transpiles it all into javascript ). Likewise if your local environment relies on WSL it will have its own filesystem etc.. It may even be that Windows security is preventing access, but you would need to ask someone more experienced with modern Windows security practices on how to check for that.

As for passthru versus exec vs system this stackoverflow question handles that: https://stackoverflow.com/questions/732832/php-exec-vs-system-vs-passthru#732844

Improve this answer
2
  • Thanks for a very detailed answer! Exec, Passthru and System being flagged and disabled on most hosts makes sense, but is unfortunate for me. I wanted to extend my theme's functionality with ML features through Python - without having to set up a central custom-hosted endpoint to do it. That seems to be the only option though :( Commented Mar 27 at 10:15
  • Honestly the biggest roadblock you're going to face there is that webhosts just aren't very powerful, you'll need something with a lot of compute to run ML which might be fine on your local machine, many of which can run small LLM's even, but a webhost while having a superior CPU/RAM will be partitioned amongst many tennants, physical and virtual. Additionally, a servers CPU won't be optimised for NPU compute like a consumer CPU/GPU. Some VPS providers do offer VPS' with GPU's but they can be expensive. Then there's services like hugging face that could run ML models for you at a price Commented Mar 27 at 12:26

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.