Why could wget not work with PHP's exec function?

Developer https://www.devze.com 2022-12-24 16:07 Source: the web

My script tries to exec() wget but seems to fail (though no error is raised). What could be the problem? Should I tune PHP somehow? I just installed Apache and PHP on Ubuntu...


Add a third parameter to exec() to find out the exit code of wget.


Maybe wget is not in the (search) path of the apache/php process.
Did you try an absolute path to the wget executable?


What is your $_GET['one']? The name of a video file? A number? A URL? What's $file? What's $one?

Obvious error sources:

  1. Are all of those variables set? If $one is blank, then wget has nowhere to go to fetch your file. If $_GET['one'] and $file are blank, then your output file will most likely not exist, either because the directory can't be found ($_GET['one'] is empty), or $file is empty, causing wget to try and output to a directory name, which is not allowed.
  2. 'illegal' characters in any of the variables. Does $file contain shell meta-characters? Any of ;?*/\ etc...? Those will all screw up the command line.
  3. Why are you using wget anyways? You're passing raw query parameters out to a shell, which is just asking for trouble. It would be trivial to pass in shell metacharacters, which would allow remote users to run ANYTHING on your webserver. Consider the following query:

    http://example.com/fetch.php?one=;%20rm%20-rf%20/%20;

which in your script becomes:

    wget -O /var/www/videos/; rm -rf / ;/$file $one

and now your script is happily deleting everything on the server which your web server's user has permissions for.
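
The three suggestions above combined in one place, as an added example that is not part of the original question or answers: an absolute path to wget, the third exec() parameter for the exit code, and validated, shell-quoted arguments. The wget path, the function names and the file-name pattern are assumptions; the directory and the rejected input are the ones quoted in the answer.

```php
<?php
// Added example; WGET, the function names and the file-name pattern are assumptions.
const WGET = '/usr/bin/wget';          // absolute path: the Apache/PHP PATH may not contain wget
const VIDEO_DIR = '/var/www/videos';   // directory from the answer's example command

function build_wget_command(string $url, string $file): string
{
    // Accept only well-formed http(s) URLs; a blank value or "; rm -rf / ;" is rejected.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (filter_var($url, FILTER_VALIDATE_URL) === false
        || !in_array($scheme, ['http', 'https'], true)) {
        throw new InvalidArgumentException('URL must be http or https');
    }
    // Output name must be a plain file name: no path separators, no shell metacharacters.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,99}\z/', $file)) {
        throw new InvalidArgumentException('invalid output file name');
    }
    // escapeshellarg() makes each value exactly one shell argument; "--" ends wget's options.
    return sprintf('%s -q -O %s -- %s 2>&1',
        escapeshellarg(WGET),
        escapeshellarg(VIDEO_DIR . '/' . $file),
        escapeshellarg($url));
}

function fetch(string $url, string $file): void
{
    $output = [];
    $status = -1;
    exec(build_wget_command($url, $file), $output, $status); // third parameter: wget's exit code
    if ($status !== 0) {
        throw new RuntimeException("wget exited with $status: " . implode("\n", $output));
    }
}

// Constructed inputs: one valid request, then the string from the answer in each position.
$samples = [['https://example.com/clip.mp4', 'clip.mp4'], ['; rm -rf / ;', 'clip.mp4'],
            ['https://example.com/clip.mp4', '; rm -rf / ;']];
foreach ($samples as [$url, $file]) {
    try {
        echo build_wget_command($url, $file), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The demo loop only builds and prints the command line; `fetch()` is what a script would call, and a non-zero `$status` there distinguishes "wget not found" from a failed download.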
