0

I have a simple cmd.php page to run commands I enter using shell_exec () and show the output.

  • PHP is running as CGI
  • Entering "php -v" and most commands just show "Content-type: text/html" and then the current page's HTML source.

  • However, calling PHP with an invalid parameter (/usr/bin/php -z) shows PHPs usage:

    Usage: php [-q] [-h] [-s] [-v] [-i] [-f ] php [args...]

    etc...

I attached a couple of images to show what I mean.

PHP -v doesn't produce expected output

PHP -v doesn't produce expected output

PHP -z shows PHP's usage

PHP -z shows PHP's usage

Any ideas?

Edit

cmd.php

<?php

    if ( isset ( $_POST['submit'] ) ) :

        $response = shell_exec ( escapeshellcmd ( stripslashes ( $_POST['cmd'] ) ) );

    endif;

?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
    <head>
        <style type="text/css">
            pre#response { border: 1px solid #e0e0e0; padding: .5em; }
        </style>
        <title>Command</title>
    </head>
    <body>
        <form action="cmd.php" method="post">
            <p><input type="text" name="cmd" id="cmd" value="<?php echo @htmlspecialchars ( stripslashes ( $_POST['cmd'] ) ); ?>" size="50" />
            <button type="submit" name="submit" id="submit" value="Submit">Submit</button>
            </p>
        </form>


        <?php
        if ( isset ( $response ) ) :
        ?>

            <pre id="response"><?php

                if ( empty ( $response ) ) :
                    echo 'No response.';
                else :
                    echo htmlspecialchars ( $response );
                endif;
            ?></pre>

        <?php
        endif;
        ?>

    </body>
</html>
Improve this question
4
  • What is the expected output? Can we have a peek at cmd.php? Commented Jul 12, 2010 at 8:04
  • It should show the version number... I posted the source code. Commented Jul 12, 2010 at 8:08
  • Is your FCGI or CGI running in a chroot via a wrapper script? Commented Jul 12, 2010 at 8:22
  • Not sure what you mean... you're seeing all of the code I'm using above. Commented Jul 12, 2010 at 8:32

2 Answers 2

Reset to default
1

shell_exec() only returns the characters that have been written to the stdout of the executed process, but not stderr. Try redirecting stderr to stdout so that error messages will be stored in $response.

<?php
define('REDIRECT_STDERR', 1);

if ( isset ( $_POST['submit'] ) ) :      
  $cmd = escapeshellcmd ( stripslashes ($_POST['cmd']) );
  if ( defined('REDIRECT_STDERR') && REDIRECT_STDERR ) :
    $cmd .= ' 2>&1';
  endif;
  $response = shell_exec( $cmd );
endif;

?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
  <head>
    <style type="text/css">
      pre#response { border: 1px solid #e0e0e0; padding: .5em; }
    </style>
    <title>Command</title>
  </head>
  <body>
    <form action="cmd.php" method="post">
      <p>
        <input type="text" name="cmd" id="cmd" value="<?php echo @htmlspecialchars ( stripslashes ( $_POST['cmd'] ) ); ?>" size="50" />
        <button type="submit" name="submit" id="submit" value="Submit">Submit</button>
      </p>
    </form>


    <?php if ( isset ( $cmd ) ) : ?>
    <fieldset><legend><?php echo htmlspecialchars($cmd); ?></legend>
      <pre id="response"><?php var_dump($repsonse); ?></pre>
    </fieldset>
    <?php endif; ?>
  </body>
</html>
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Please check php.ini used by php from command line. I had same problem (no output from php command line), tried replacing current php.ini with php.ini-production and command line php started to work fine. It appears that some configuration variables were modified in recent php version (upgraded from 5.3.10 to 5.4.3).

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.