duanke8011 2016-09-29 19:50
浏览 65
已采纳

选择并显示服务器文件

I'm using shell_exec to execute a command on my server and show the result with echo.

Now, I want to select and display the files displayed. How can I do this?

<body>
    <form method="get" action="<?php echo $_SERVER["PHP_SELF"] ?>">
        <input type="submit" class="reset_button"/>
        <p><b>Search</b></p>
        <?php
            <input type='text' name='idtest' value='' />
            <input type='submit' value='consultar' />
        ?>
        <?php
            $consulta=$_GET[idtest];
            $salida =  shell_exec('find / -iname *'.$consulta.'*|sort');    
            echo "<pre>$salida</pre>";
        ?>
</body>

Result from code:

text1.txt
text2.txt
text3.txt
text4.txt
  • 写回答

2条回答 默认 最新

  • dtt78245 2016-09-30 14:28
    关注

    $salida = shell_exec('find / -iname '.$consulta.' |sort');

    This isn't going to work the way you expect; the *'.$consulta.'* will be expanded to match anything in the current directory. It should be \'*'.$consulta.'*\'

    I'm also struggling to imagine where it would make sense to ever expose such functionality via a webserver - its going to be expensive to search the whole filesystem and potentially exposes a lot of stuff which should not be accessible remotely.

    How can I do this?

    If it were me....

     <?php
 $consulta=$_GET[idtest];
 $salida = explode("
", shell_exec('find / -iname \*'.$consulta.'\* | sort'));
 foreach ($salida as $s) {
    if (is_readable($s)) {
       print "<a href='filereader.php?src=" . urlencode($s)
         . "'>" . htmlentities($s) . "</a><br />";
    } else {
       print htmlentities($s) . "<br />";
 }
?>

    Content of filereader.php should be obvious.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 树莓派与pix飞控通信
  • ¥15 自动转发微信群信息到另外一个微信群
  • ¥15 outlook无法配置成功
  • ¥30 这是哪个作者做的宝宝起名网站
  • ¥60 版本过低apk如何修改可以兼容新的安卓系统
  • ¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
  • ¥50 有数据,怎么建立模型求影响全要素生产率的因素
  • ¥50 有数据,怎么用matlab求全要素生产率
  • ¥15 TI的insta-spin例程
  • ¥15 完成下列问题完成下列问题