I'm writing a web application in which I use several third-party commands, calling them with the exec
function in PHP (for example, I render LaTeX formulas through a command-line program).
My question is: what are the security issues of executing external command-line programs in PHP? What do I have to be aware of? Can you give me a list of points to check?
EDIT: I'm aware that I have to clean the user input to prevent executing arbitrary commands... Are there any other things to check?
Thanks in advance.
How about not cleansing your user inputs, so they can execute any command they like... such as format ;-)
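Beyond input cleaning, the remaining points for the LaTeX case in the question can be shown in one wrapper. This is an added example, not code from any poster: it assumes a Unix host, PHP 7.4 or later, and `pdflatex` at `/usr/bin/pdflatex` as the renderer; `renderFormula`, the limits and the file names are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumed renderer and limits; adjust to the tool you actually call.
const RENDERER = '/usr/bin/pdflatex';   // absolute path, never resolved through PATH
const TIMEOUT_SECONDS = 10;
const MAX_FORMULA_BYTES = 500;

function renderFormula(string $formula): string
{
    if ($formula === '' || strlen($formula) > MAX_FORMULA_BYTES || preg_match('/[\x00-\x08\x0e-\x1f]/', $formula)) {
        throw new InvalidArgumentException('formula rejected');
    }
    // Private working directory per request: no shared or predictable file names.
    $dir = sys_get_temp_dir() . '/tex_' . bin2hex(random_bytes(8));
    if (!mkdir($dir, 0700)) {
        throw new RuntimeException('cannot create work dir');
    }
    // User input travels as file content, never as a command-line argument.
    file_put_contents("$dir/f.tex",
        '\documentclass{article}\pagestyle{empty}\begin{document}$' . $formula . '$\end{document}');

    // Array form (PHP >= 7.4) starts the program directly: no shell parses the command.
    $cmd = [RENDERER, '-no-shell-escape', '-interaction=nonstopmode', '-halt-on-error', 'f.tex'];
    $io  = [0 => ['file', '/dev/null', 'r'], 1 => ['file', "$dir/run.log", 'w'], 2 => ['file', "$dir/run.log", 'a']];
    $env = ['PATH' => '/usr/bin:/bin', 'HOME' => $dir];   // do not leak the web server's environment
    $proc = proc_open($cmd, $io, $pipes, $dir, $env);
    if (!is_resource($proc)) {
        throw new RuntimeException('cannot start renderer');
    }
    // Enforce a wall-clock limit so one request cannot pin a worker.
    $deadline = microtime(true) + TIMEOUT_SECONDS;
    do {
        usleep(50000);
        $status = proc_get_status($proc);
    } while ($status['running'] && microtime(true) < $deadline);
    if ($status['running']) {
        proc_terminate($proc, 9);
    }
    $exit = $status['running'] ? -1 : $status['exitcode'];
    proc_close($proc);

    $pdf  = "$dir/f.pdf";
    $ok   = $exit === 0 && is_file($pdf);
    $data = $ok ? file_get_contents($pdf) : null;
    array_map('unlink', glob("$dir/*"));   // remove work files on success and failure alike
    rmdir($dir);
    if (!$ok) {
        throw new RuntimeException('render failed');   // generic error: tool output is not echoed to the client
    }
    return $data;
}
```

TeX input can still read any file the process user can read (for example through `\input`), so the renderer should run under an unprivileged account with no access to application secrets.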