dongxing2302 2016-10-28 08:47
Views: 86

How to bypass the security check in a PHP script when it is run from the CLI?

I have a PHP script which is typically run as part of a bigger web application. The script essentially makes some changes to a database and reports back to the web user on the status/outcome.

I have an opening section in my PHP:

    require $_SERVER['DOCUMENT_ROOT'].'/security.php';
    // Only level <=1 users should be able to access this page:
    if ( $_SESSION['MySecurityLevel'] > 1 ) {
        echo '<script type="text/javascript" language="JavaScript">window.location = \'/index.php\'</script>';
        exit();
    }

So, basically, if the authenticated web user's security level is not higher than 1, then they are just redirected to the web app's index.

The script works fine like this via web browsers.

Now to my issue...

I want to also cron-job this script - but I don't know how to bypass the security check if run from the CLI.

If I simply run it from the CLI/cron with 'php -f /path/to/report.php' and enclose the security check in an "if ( php_sapi_name() != 'cli' )", it spews out errors due to multiple uses of $_SERVER[] vars in the script (there may be other complications but this was the first error encountered).

If I run it using CURL, then the php_sapi_name() check won't work as it's just being served by Apache.

Please can anyone offer some assistance?

Thank you! :)


1 answer

  • doudaiyao0934 2016-10-28 23:51

    If you invoke the script through the CLI some of the $_SERVER variables will be defined however their values may not be what you expect: for instance $_SERVER['DOCUMENT_ROOT'] will be empty so your require will look for a file called 'security.php' in the filesystem root. Other arrays such as $_SESSION will not be populated as the CLI does not have a comparable concept.

    You could get around these issues by manually defining the variables (see "Set $_SERVER variable when calling PHP from command line?"); however a cleaner approach would be to extract the code that makes the database changes to a separate file which is independent from any specific SAPI and that does not depend on any SAPI-specific variables being defined.

    For instance your PHP script (let's call it index.php) could be modified like this:

        require $_SERVER['DOCUMENT_ROOT'].'/security.php';
        require $_SERVER['DOCUMENT_ROOT'].'/db_changes.php';

        // Only level <=1 users should be able to access this page:
        if ( $_SESSION['MySecurityLevel'] > 1 ) {
            echo '<script type="text/javascript" language="JavaScript">window.location = \'/index.php\'</script>';
            exit();
        } else {
            do_db_changes();
        }


    Then in the SAPI-agnostic db_changes.php you would have:

        <?php
        function do_db_changes() {
            // Do the DB changes here...
        }
        ?>


    And finally you would have a file, outside the web root, which you can invoke from cron (say cron.php):

        <?php
        require("/absolute/path/to/db_changes.php");
        do_db_changes();
        ?>


    Like this you can continue using index.php for the web application and invoke cron.php from cron to achieve your desired results.
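    As an added example (not code from the asker or the answerer above), here is one way to lay out the three files the answer describes, with the two points a practitioner would want on top: the shared code takes its database handle as a parameter and never reads $_SERVER or $_SESSION, and the cron entry point refuses to run under any SAPI but the CLI. The file names lib/db_changes.php, public/report.php and /opt/app/cron.php, the open_db() helper, the SQLite DSN, the reports table and the crontab schedule are all assumptions made for this example.

    ```php
    <?php
    // ---- File 1: lib/db_changes.php (shared, SAPI-agnostic) ----------------
    // Touches neither $_SERVER nor $_SESSION, so it behaves the same under
    // Apache and under the CLI. DSN, table and column names are assumed.

    function open_db(): PDO
    {
        $db = new PDO('sqlite:/opt/app/reports.sqlite');   // assumed DSN
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        return $db;
    }

    function do_db_changes(PDO $db): int
    {
        // Stand-in for the real work; returns the number of rows it changed.
        $stmt = $db->prepare(
            'UPDATE reports SET generated_at = :now WHERE generated_at IS NULL'
        );
        $stmt->execute([':now' => date('c')]);
        return $stmt->rowCount();
    }

    // ---- File 2: public/report.php (web entry point, under the document root)
    // __DIR__ is set in every SAPI; $_SERVER['DOCUMENT_ROOT'] is empty on the CLI.
    require __DIR__ . '/security.php';            // starts the session, as in the question
    require __DIR__ . '/../lib/db_changes.php';

    // Only level <= 1 users may run the report. The check fails closed: a missing
    // level is treated as "not allowed" instead of slipping through (null > 1 is false).
    if (!isset($_SESSION['MySecurityLevel']) || $_SESSION['MySecurityLevel'] > 1) {
        header('Location: /index.php', true, 303);   // honoured even with JavaScript disabled
        exit();
    }
    $rows = do_db_changes(open_db());
    echo htmlspecialchars("Report updated: {$rows} row(s)");

    // ---- File 3: /opt/app/cron.php (outside the document root) -------------
    // Crontab entry (assumed schedule):  */15 * * * *  /usr/bin/php /opt/app/cron.php
    // Living outside the web root means Apache cannot serve it at all; the SAPI
    // check below is a second layer in case the file is ever exposed by mistake.
    if (PHP_SAPI !== 'cli') {
        http_response_code(403);
        exit('CLI only');
    }
    require __DIR__ . '/lib/db_changes.php';
    $rows = do_db_changes(open_db());
    fwrite(STDOUT, "updated {$rows} row(s)\n");
    ```

    Two details differ deliberately from the snippet in the question. The web check uses isset(), because with the bare comparison an unset $_SESSION['MySecurityLevel'] evaluates to null, null > 1 is false, and the page would be served to a user with no level at all. And the cron script's location outside the document root is what answers the curl concern from the question: there is no URL that reaches it, so the PHP_SAPI check only has to cover a misconfiguration.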
