I have a PHP code that stores contents of a url by file() method like
$contents=file("http://www.rcsb.org/pdb/files/2AID.pdb");
I need to pass these $contents to a perl program by shell_exec() method , something like following
$result=shell_exec("perl_prog.pl $contents");
My question is how to pass this $contents to Perl program. I tried like following
@file=<@ARGV>;
but its not working. Please help me.
That shell_exec() code is utterly vulnerable to shell injection - you're trusting that the remote service won't include something like:
; rm -rf /
As well, file()
returns the file contents as an array - you can't pass arrays over the command line directly. Only strings.
A moderately safer version is:
$contents = file_get_contents('http://etc....');
$safe_contents = escapeshellarg($contents);
$result = shell_exec('perl_prog.pl $safe_contents');
On the Perl side, you'd use
my ($contents) = @ARGV;