I have a script which, given an ID, kicks off some complex processes and puts an RTF file onto stdout. For example, you might call it with something like foo.exe 27 to point it at ID 27.
Now I'd like to write a short PHP page which:
- accepts a GET
idparameter - checks that the parameter is an integer number
- calls
shell_exec(...)on the script (we'll assume it's on the$PATH) - responds with t开发者_如何转开发he output of the script, popping up the usual browser-specific download prompt, just as if they'd clicked on the file in a link
Can this be done easily?
This should be pretty simple. Just what you need is to make sure you're not inserting weird data to the script, to avoid any breaks, and to redirect STDERR to STDOUT to avoid to have errors and not to be able to see them.
<?php
// configuration
$scriptName = 'foo.exe';
// sets the header to send raw data to the browser
header('Content-Type: text/plain');
// disables the timeout for your script
set_time_limit(0);
// if the input is not an integer
if (! is_integer($_GET['id']))
{
// throw to forbidden page
header("HTTP/1.0 403 Forbidden");
die();
}
// parameter to use as parameter of
// the command to call
$parameterId = (int) $_GET['id'];
// preparing the command and redirecting STDERR to STDOUT (the browser)
$command = "$scriptName $parameterId 2>&1";
// executing command and outputing it
print(shell_exec($command));
Hope it helps!
Just make sure you leave (or set) ample time for the script to run - it could possibly take a long time and cause your request to time out.
Also, make sure you sanitize the input you put into exec().
But yeah, it can all be done.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论