PHP File Finding shell_exec Versus exec Contenteditable Tutorial

Today’s enhancement of our PHP File Finding shell_exec Versus exec web application, building on yesterday’s PHP File Finding shell_exec Versus exec Event Tutorial, only kicks in when you have downloaded the PHP code to a local Apache/PHP/MySql web server environment such as MAMP and transferred it to the relevant Document Root folder. Why? Well, a hacker may get ideas with the RJM Programming domain version of the web application, but with any local web server version it is presumably in the control of the user to make use of three new HTML div contenteditable=true user interaction sources …

  1. at the . as the directory specification (of the macOS or Linux or unix find command)
  2. at the -name “*” as the file specification (of the macOS or Linux or unix find command)
  3. at the end of the command (of the macOS or Linux or unix find command)

This leaves a pretty open-ended scenario for your “command line” tragics out there, but it is definitely no place for “production code”! We do this so that you can try out your changed, downloadable find_minus.php’s live run link, also available here below.
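For contrast with the open-ended contenteditable version described above, here is an added example (not code from find_minus.php) of how the same three parts of the find command could be validated before they reach exec. The names FIND_BASE, TIME_SWITCHES and build_find_command() are assumptions made for this sketch, and the requests are constructed sample input.

```php
<?php
// Added example (not from find_minus.php): validate the editable find parts
// instead of concatenating them. FIND_BASE and build_find_command() are assumed names.
const FIND_BASE = __DIR__;                                       // assumption: searches stay under this folder
const TIME_SWITCHES = ['-mtime', '-atime', '-ctime', '-Btime'];  // -Btime: macOS/BSD find only

function build_find_command(string $dir, string $pattern, string $switch, string $sign, string $days): string
{
    // 1. Directory: resolve symlinks and "..", then require a folder at or below FIND_BASE.
    //    The resolved path is absolute, so find can never read it as an option.
    $base = realpath(FIND_BASE);
    $real = realpath($base . '/' . $dir);
    if ($real === false || !is_dir($real) || ($real !== $base && strpos($real, $base . '/') !== 0)) {
        throw new InvalidArgumentException('directory not allowed');
    }
    // 2. File specification: a short glob made of safe characters only.
    if (!preg_match('/\A[A-Za-z0-9._*?-]{1,64}\z/', $pattern)) {
        throw new InvalidArgumentException('file pattern not allowed');
    }
    // 3. Time test: switch and sign from allowlists, day count as plain digits.
    if (!in_array($switch, TIME_SWITCHES, true) || !in_array($sign, ['', '+', '-'], true)
        || !preg_match('/\A[0-9]{1,4}\z/', $days)) {
        throw new InvalidArgumentException('time test not allowed');
    }
    // No free-form tail is accepted, so -exec, pipes and redirections cannot be appended.
    return 'find ' . escapeshellarg($real) . ' -name ' . escapeshellarg($pattern)
         . ' ' . $switch . ' ' . $sign . $days . ' -print';
}

// Constructed inputs: one ordinary request and two that carry extra shell text.
$requests = [
    ['.', '*.php', '-mtime', '-', '7'],
    ['.; echo injected', '*', '-mtime', '', '1'],
    ['.', '*', '-mtime', '+', '1; echo injected'],
];
foreach ($requests as $r) {
    try {
        $cmd = build_find_command(...$r);
        $lines = [];
        exec($cmd, $lines, $status);   // exec also hands back the exit status
        echo "ran: $cmd\n  status $status, " . count($lines) . " match(es)\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected (' . $e->getMessage() . '): ' . json_encode($r) . "\n";
    }
}
```

The third editable slot, the free-form end of the command, has no safe equivalent here, which is why the sketch simply does not accept one.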


Previous relevant PHP File Finding shell_exec Versus exec Event Tutorial is shown below.

PHP File Finding shell_exec Versus exec Event Tutorial

Serverside PHP programming is great for programmers, in our opinion, because …

  • it is so open to embellishing web applications with information from sources outside your own domain, as well as from underlying operating systems, in that “serverside” role … and yet …
  • it is not restricted from doing any of those Javascript “clientside” (perhaps event driven) functionalities that make for a dynamic web application

Today we add event driven Javascript “clientside” logic on top of yesterday’s PHP File Finding shell_exec Versus exec Plus Tutorial’s progress.

We add …

  • onmouseover (non-mobile only)
  • onmouseout (non-mobile only)
  • onclick

… event logic to some of the cells (and their innards) of our PHP File Finding shell_exec Versus exec web application’s result set table of HTML elements.

In amongst the “innards”, for “shell_exec” results, we have “pre” elements consisting of data records. We allow onclick logic for those “pre” elements to host and place “mark” elements that match the click position …

<?php echo "

<sc" . "ript type='text/javascript'>
var xx=null;        // popup window handle, if one is open
var ishover=false;  // true while a hover (rather than a click) is being handled
var lrect=null;     // bounding rectangle of the left hand cell
var rrect=null;     // bounding rectangle of the right hand cell
var pointerX=-1;    // last known pointer position
var pointerY=-1;

// Wrap the clicked record (line) of a pre element in mark tags, using the vertical pointer position
function ldebate(inh) {
  var outh=inh;
  var outlines=inh.replace(/\<br\>$/g,'').split('<br>');
  var eachlineh=-1;
  var vsi=-1;
  if (lrect && Number(pointerY) >= 0) {
    if (Number(pointerY) >= Number(lrect.top) && Number(pointerY) <= Number(lrect.bottom)) {
      eachlineh=Number(lrect.height) / outlines.length;
      // clamp so that a click on the bottom edge still maps to the last line
      vsi=Math.min(Math.floor((Number(pointerY) - Number(lrect.top)) / eachlineh), outlines.length - 1);
      console.log('vsi=' + vsi + ' eachlineh=' + eachlineh + ' outlines.length=' + outlines.length + ' inh=' + inh);
      outh=inh.replace(outlines[vsi], '<mark>' + outlines[vsi] + '</mark>');
    }
  }
  return outh;
}

// onmouseout: close any popup opened by a hover
function onmout(one) {
  if (xx && ishover) {
    ishover=false;
    xx.close();
    xx=null;
  }
}

// onmouseover: record the pointer position and treat the hover over a pre element as a click
function onmo(event) {
  if (document && ('' + event.target.outerHTML).indexOf('</pre>') != -1) {
    ishover=true;
    if (event.touches) {
      if (event.touches[0].pageX) {
        pointerX = event.touches[0].pageX;
        pointerY = event.touches[0].pageY;
      } else {
        pointerX = event.touches[0].clientX;
        pointerY = event.touches[0].clientY;
      }
    } else if (event.clientX || event.clientY) {
      pointerX = event.clientX;
      pointerY = event.clientY;
    } else {
      pointerX = event.pageX;
      pointerY = event.pageY;
    }
    event.target.click();
  }
}

// onclick: record the pointer position (via the global event object) and open the popup
function windowopen(pone,ptwo,pthree) {
  if (xx) {
    xx.close();
    xx=null;
  }
  if (ishover) {
    ishover=false;
    return null;
  }
  if (event.touches) {
    if (event.touches[0].pageX) {
      pointerX = event.touches[0].pageX;
      pointerY = event.touches[0].pageY;
    } else {
      pointerX = event.touches[0].clientX;
      pointerY = event.touches[0].clientY;
    }
  } else if (event.clientX || event.clientY) {
    pointerX = event.clientX;
    pointerY = event.clientY;
  } else {
    pointerX = event.pageX;
    pointerY = event.pageY;
  }
  return window.open(pone,ptwo,pthree);
}

// Show the HTML in the dinfo element and in the popup, if one is open
function xxdocumentwrite(thehtml) {
  document.getElementById('dinfo').innerHTML=thehtml;
  if (xx) {
    xx.document.write(thehtml);
  }
}

// Turn backtick placeholders in th title attributes into double quotes
function thtitleit() {
  var ths=document.getElementsByTagName('th');
  for (var ij=0; ij<ths.length; ij++) {
    ths[ij].title=('' + ths[ij].title).replace(/\`/g,String.fromCharCode(34));
  }
}

// Describe the chosen find time switch in the title attribute of the dropdown
function titleme(so) {
  if (so.value.indexOf('-mtime') != -1) {
    so.title='find via modified time switch';
  } else if (so.value.indexOf('-Btime') != -1) {
    so.title='find via file inode creation time switch';
  } else if (so.value.indexOf('-ctime') != -1) {
    so.title='find via created time switch';
  } else if (so.value.indexOf('-atime') != -1) {
    so.title='find via access time switch';
  }
}

// Left hand cell: remember its rectangle (pointer tracking is switched off here via 1 == 7)
function leftc(event) {
  if (!lrect) {
    lrect=event.target.getBoundingClientRect();
  }
  if (1 == 7) {
    if (event.touches) {
      if (event.touches[0].pageX) {
        pointerX = event.touches[0].pageX;
        pointerY = event.touches[0].pageY;
      } else {
        pointerX = event.touches[0].clientX;
        pointerY = event.touches[0].clientY;
      }
    } else if (event.clientX || event.clientY) {
      pointerX = event.clientX;
      pointerY = event.clientY;
    } else {
      pointerX = event.pageX;
      pointerY = event.pageY;
    }
  }
}

// Right hand cell: remember its rectangle and the pointer position
function rightc(event) {
  if (!rrect) {
    rrect=event.target.getBoundingClientRect();
  }
  if (event.touches) {
    if (event.touches[0].pageX) {
      pointerX = event.touches[0].pageX;
      pointerY = event.touches[0].pageY;
    } else {
      pointerX = event.touches[0].clientX;
      pointerY = event.touches[0].clientY;
    }
  } else if (event.clientX || event.clientY) {
    pointerX = event.clientX;
    pointerY = event.clientY;
  } else {
    pointerX = event.pageX;
    pointerY = event.pageY;
  }
}
</scr" . "ipt>

"; ?>

… allowing the one HTML element to implicitly funnel event driven functionality for multiple “records”.

Again, feel free to try the changed find_minus.php’s live run link also available here below.


Previous relevant PHP File Finding shell_exec Versus exec Plus Tutorial is shown below.

PHP File Finding shell_exec Versus exec Plus Tutorial

Yesterday’s PHP File Finding Signed Time shell_exec Versus exec Tutorial, and postings before it, considered “exec” …

  • to be related to the PHP function exec (a favourite of ours) … but then, today, we introduce the idea of “exec” as a …
  • command line (on Linux or unix or macOS) find command “exec” switch …

    -exec command ;
    Execute command; true if 0 status is returned. All
    following arguments to find are taken to be arguments to
    the command until an argument consisting of `;' is
    encountered. The string `{}' is replaced by the current
    file name being processed everywhere it occurs in the
    arguments to the command, not just in arguments where it
    is alone, as in some versions of find. Both of these
    constructions might need to be escaped (with a `\') or
    quoted to protect them from expansion by the shell. See
    the EXAMPLES section for examples of the use of the -exec
    option. The specified command is run once for each
    matched file. The command is executed in the starting
    directory. There are unavoidable security problems
    surrounding use of the -exec action; you should use the
    -execdir option instead.

… that we start improving upon, so that Linux or unix or macOS users can see information about it by hovering over the “result set” table presented (via the title attribute).

So, feel free to try the changed find_minus.php’s live run link also available here below.


Previous relevant PHP File Finding Signed Time shell_exec Versus exec Tutorial is shown below.

PHP File Finding Signed Time shell_exec Versus exec Tutorial

The recent PHP File Finding shell_exec Versus exec Tutorial, on the Linux and/or unix and/or macOS side of functionality, did not factor in the choice of …

  • +
  • -

… signage possibilities for the “find” command we use via PHP’s exec function. The “man find” page tells us …

-atime n
File was last accessed less than, more than or exactly
n*24 hours ago. When find figures out how many 24-hour
periods ago the file was last accessed, any fractional
part is ignored, so to match -atime +1, a file has to have
been accessed at least two days ago.

… so not involving these “time signage” ideas (for which we add a new dropdown), that is, choosing a blank sign, could be causing you not to see files you would have expected to see had you included one of these signs.

And so, feel free to try the changed find_minus.php’s live run link also available here below.


Previous relevant PHP File Finding shell_exec Versus exec Tutorial is shown below.

PHP File Finding shell_exec Versus exec Tutorial

Lots of software based desktop application problems are centred around the finding of files via time based criteria. With this in mind, today, we combine …

… whether that be related to …

  • file modified time
  • file access time
  • file created time
  • file inode creation time

That sort of “find” file finding functionality, as seen via find_minus.php’s live run link, can be a part of a “housekeeping” type of scheduled job, such as one described by a crontab entry like …


04 3 * * * ksh -c 'for i in `find ./PHP/animegif -name "0*.php" -mtime +7`; do rm -f $i; done'


Previous relevant PHP shell_exec Versus exec Tutorial is shown below.

PHP shell_exec Versus exec Tutorial

Being suckers for “out of the box” solutions to programming issues, what comes “out of the box” with your (perhaps underlying) operating system of use is always inflicting “sucker punches” onto areas we didn’t know existed before … well, you had to be there, didn’t you?

That’s why we really like PHP’s “exec” and “passthru” that we have used quite a bit in the past, to get through to that underlying operating system set of commands in its command line environment, as applicable. Even mobile platforms get a go here, because PHP is a serverside language addressing the RJM Programming linux web server, though you can download s_e.php to your local (client) environment, and access a different perspective in an Apache/PHP/MySql local web server environment such as MAMP to work in.

Today, we compare “shell_exec” to “exec” with our proof of concept PHP web application we’ve written for you to try today, for you to see that “shell_exec” is everything “exec” is plus returning the entire command line command’s output, as distinct from the “just last line return” of exec …
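The comparison above, as an added example that is not the code of s_e.php: it runs one constructed command through both functions and returns what each hands back, including the output array and exit status that exec offers through its extra parameters. The helper name compare_exec() and the two sample commands are assumptions made for this sketch.

```php
<?php
// Added example (not from s_e.php). compare_exec() is a hypothetical helper and
// the commands below are constructed samples. Note that the command runs twice.
function compare_exec(string $cmd): array
{
    $lines  = [];   // exec() APPENDS to this array, so start from an empty one each call
    $status = -1;
    $last = exec($cmd, $lines, $status);  // returns the last output line only
    $all  = shell_exec($cmd);             // returns all of stdout as one string,
                                          // or null when there was an error or no output
    return [
        'exec_return'       => $last,
        'exec_output_array' => $lines,    // every line, trailing whitespace stripped
        'exec_status'       => $status,   // exit status of the command
        'shell_exec_return' => $all,
    ];
}

// Three lines of output: exec returns the last, shell_exec returns all three.
var_dump(compare_exec("printf 'one\\ntwo\\nthree\\n'"));

// A command that fails without writing to stdout: exec reports a non-zero status,
// while shell_exec returns null, the same value it gives for a command that
// succeeded silently.
var_dump(compare_exec('ls /nonexistent-directory-for-this-example 2>/dev/null'));
```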

If this was interesting you may be interested in this too.

