I cannot execute a jar using the exec command in PHP

0

When I try to run the system it does not return anything, and I do not know what might be wrong. I tried to run another jar and it worked, but even so it does not get any parameters. The finder jar works normally on the Linux command line.

public function consulta(){
    $this->output->set_content_type('application/json');
    $query              = $this->uri->segment(3,0);

    exec("java -jar ../public_html/assets/apps/buscador.jar '$query'", $resposta);

    $html = "";
    $conta = 0;
    foreach ($resposta as $value) {
        if($conta < 10 && $conta > 1){
            $documento = split("\t", $value);
            $html .= "<h2><a href=".$documento[1].">".$documento[2]."</a></h2>";
            $html .= "<p>".$documento[3]."</p></br>";
        }
        $conta++;
    }
    $this->output->set_output(json_encode(array('status' => 'success', 'consulta' => $html, 'resposta' => $resposta)));
}
    
asked by anonymous 09.04.2017 / 05:52

1 answer

0

Hello. Here are my considerations, which are not absolutely conclusive.

  • The first check to make is to execute the java command manually. The problem may be the jar itself and not related to CodeIgniter / PHP. The Apache / PHP user may not have the necessary privilege to execute the command.

  • The second, because it is a command line, is to put the $query parameter in quotation marks. Spaces, slashes, and other special characters spoil the formatting of the parameter. Depending on which characters, this is irreversible.

  • The third is to sanitize $this->uri->segment(3,0), because the user will type a very naughty URI and start running commands on your server, even if this spoils the return. Serious security problem!

  • This form of query by exec() seems unprofessional to me. The use of exec() goes against the server's security policies. The function can be asynchronous. It exists for when you actually need to query machine artifacts or the server operating system. This does not seem to be your case; you are probably trying to integrate two systems, and data from the host machine would be irrelevant.

    On the Web, different systems should talk through a web service or, in a much simpler solution, at least file_get_contents().

        
    10.07.2017 / 17:26
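
The quoting and sanitizing points from the answer above, as an added PHP example that is not part of the original question or answer: the query is checked against an allow-list, quoted with escapeshellarg() instead of hand-written quotes, and the jar's exit code and stderr are captured so a silent failure becomes visible. The absolute jar path and the allow-list pattern are assumptions.

```php
<?php
// Added example, not the asker's or the answerer's code.
// JAR_PATH and the allow-list pattern below are assumptions for illustration.
const JAR_PATH = '/var/www/public_html/assets/apps/buscador.jar';

/** Accept only letters, digits, spaces, '-' and '_' (1 to 100 chars); otherwise null. */
function validate_query(string $raw): ?string
{
    $q = trim($raw);
    return preg_match('/\A[\p{L}\p{N} _-]{1,100}\z/u', $q) === 1 ? $q : null;
}

/** escapeshellarg() makes the value exactly one shell argument, embedded quotes included. */
function build_command(string $query): string
{
    return 'java -jar ' . escapeshellarg(JAR_PATH) . ' ' . escapeshellarg($query) . ' 2>&1';
}

/** Run the jar and return [exit code, output lines]; 2>&1 puts Java errors in the output. */
function run_search(string $raw): array
{
    $query = validate_query($raw);
    if ($query === null) {
        return [-1, ['query rejected by validation']];
    }
    $lines = [];
    exec(build_command($query), $lines, $code);
    return [$code, $lines];
}

/** Render tab-separated result lines, HTML-escaping every field read from the jar. */
function render_results(array $lines): string
{
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    $html = '';
    foreach (array_slice($lines, 2, 8) as $line) { // same window as the original loop (2..9)
        $f = explode("\t", $line);                 // split() was removed in PHP 7
        if (count($f) < 4) { continue; }
        $html .= '<h2><a href="' . $e($f[1]) . '">' . $e($f[2]) . '</a></h2>';
        $html .= '<p>' . $e($f[3]) . '</p>';
    }
    return $html;
}

// Constructed sample input: shows the quoting and validation without needing Java.
echo build_command("o'brien report"), PHP_EOL;
var_dump(validate_query('relatorio 2017'), validate_query('a;b'));
```

escapeshellarg() is locale-dependent for multibyte input, so set LC_CTYPE to a UTF-8 locale if queries may contain accented letters. A non-zero exit code from run_search() together with the captured stderr lines usually points to the permission or path problem mentioned in the first bullet.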