Next step add a wrapper method for shell_exec and disallow shell_exec via e.g. php code sniffer, so that everybody in the project need to use command-builder with auto-escaping. === more secure 🔐
Nice, I need to get some PoC for this, I will see if I can have something for php-cs-fixer (the one I use the most), thanks a lot for this great input Lars!!
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Hi, thanks for this library. Very good idea. 💡 Maybe you should add
escapeshellargfor the arguments: github.com/php/php-src/blob/master...Amazing, that will save me from escaping by hand! Thanks a lot for sharing!
Track the progress of the issue here
github.com/khalyomede/command-buil...
Next step add a wrapper method for
shell_execand disallowshell_execvia e.g. php code sniffer, so that everybody in the project need to use command-builder with auto-escaping. === more secure 🔐Nice, I need to get some PoC for this, I will see if I can have something for php-cs-fixer (the one I use the most), thanks a lot for this great input Lars!!