Php Trouble -- include URL

software development

#1

I’m trying to basically write a php wrapper for a perl script so I can skin the results and include menus just like the rest of my site. I /am/ running php as cgi. Though I’m not sure the include is my only problem since the querystring it’s complaining about is off as well.

URL: (note that you actually need to submit a search to get an error)
http://enlighteneddreams.fanworks.net/search.phtml

Error message:

Warning: Failed opening 'http://enlighteneddreams.fanworks.net/mt/mt_search.cgi?SearchCutoff=9999999' for inclusion (include_path='.:/usr/local/lib/php') in /home/.drizzle/crysc/ed.fanworks.net/search.phtml on line 51

Code:

<?php include ("/home/crysc/ed.fanworks.net/includes/header1.inc"); ?>Search<?php include ("/home/crysc/ed.fanworks.net/includes/header2.inc"); ?>

Search

<?php include ("/home/crysc/ed.fanworks.net/includes/header3.inc"); ?>
Match case Regex search
Sort By: Authored On Date Title
Sort Order: Ascending Descending
Search Where:
Search entries from: the beginning one week back two weeks back one month back two months back three months back one year back

<?php
$postArr = $_POST;
foreach($postArr as $key => $item ) {
    $output = array();
    $output[] = $key . '=' . $item;
}
if (is_array($output)) {
    $data = implode('&', $output);
    $file = 'http://enlighteneddreams.fanworks.net/mt/mt_search.cgi?' . urlencode($data);
    include($file);
}
?>
<?php include ("/home/crysc/ed.fanworks.net/includes/footer.inc"); ?>

#2

I’m betting using URLs with include() has been disabled to prevent someone from taking advantage of insecure code. There’s a comment on http://www.php.net/ where someone was able to do so by setting a variable in the query string of the calling PHP script.


#3

Okay – I poked around a bit and hit myself over the head – the file is on the same server, so I rewrote my code to use passthru instead. And rewrote the part of code that collects the arguments as well (cause it wasn’t working :wink: )

I’ve got a new problem though – the cgi returns as though no input was given (returns instructions), but when I printed the string used by passthru and copy/pasted it into SSH it ran correctly :"> any ideas?

edit: logged into the server as the same user cgi runs as.

new code:

<?php
$args = escapeshellarg('search=' . $_POST['search']) . ' ';
$args .= escapeshellarg('SearchSortBy=' . $_POST['SearchSortBy']) . ' ';
$args .= escapeshellarg('ResultDisplay=' . $_POST['ResultDisplay']) . ' ';
$args .= escapeshellarg('SearchCutoff=' . $_POST['SearchCutoff']) . ' ';
// $args .= escapeshellarg('SearchCutoff=' . $_POST['SearchCutoff']) . ' ';
if ($_POST['search'])
{
    $file = 'perl -X /home/crysc/ed.fanworks.net/mt/mt-search.cgi ' . $args .'\n';
    print ($file . '
');
    passthru($file);
}
?>

#4

[quote][code]if ($_POST['search'])
{
    $file = 'perl -X /home/crysc/ed.fanworks.net/mt/mt-search.cgi ' . $args .'\n';
    print ($file . '
');

    passthru($file);
}
?>[/code][/quote]
Is the '\n' supposed to be there?

I’m not able to duplicate that error - testcase is:

<?php
$argv = escapeshellarg('SearchCutoff=999999');
$file = '/home/username/domain/test/remote.pl ' . $argv;
echo "Passing through to $file...\n";
passthru($file);
echo "Done passing through.\n"
?>

The only thing I can think of is that mt-search.cgi checks to see if it was executed as CGI or CLI, and determines it was run as CGI and sees no parameters from the query string and of course it is not able to read anything from POST data, and it’s not coded to read from command line if run as CGI.

See, passthru() is disabled if the PHP script is run by PHP-Apache. However, it is enabled if run by PHP-CGI. When run as PHP-CGI, Apache sets up the CGI environment variables. When your PHP script calls passthru(), the same environment variables are available to that child, so the child will be able to 1) access the query string and 2) know that it or its caller is in CGI, and not just CLI. Now, you’re submitting the form data to the PHP script as a POST form - well, your Perl script won’t be able to access that data because STDIN was already read by PHP. I’m thinking if you could change it from POST to GET, it will work. Or if you hacked mt-search.cgi to read from the command line arguments even if run in CGI environment.

Hope that helps.
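
Post #4 explains that the child started by passthru() inherits the wrapper's CGI environment, so one option is to start the script with an environment the wrapper sets itself. The following is an added example, not code from the thread or from the script's authors. It assumes PHP 7.4+ for the array form of proc_open(), assumes mt-search.cgi reads QUERY_STRING on a GET request, and reuses the path and field names posted above; `build_query`, `run_search_cgi` and the two constants are hypothetical names.

```php
<?php
// Added example (not from the thread): run the CGI with an explicit environment.
// Path as posted in the thread; field names are the ones post #3 forwards.
const SEARCH_CGI = '/home/crysc/ed.fanworks.net/mt/mt-search.cgi';
const ALLOWED_FIELDS = ['search', 'SearchSortBy', 'ResultDisplay', 'SearchCutoff'];

// Build a query string from allow-listed scalar fields only.
function build_query(array $post): string
{
    $fields = [];
    foreach (ALLOWED_FIELDS as $name) {
        if (isset($post[$name]) && is_scalar($post[$name])) {
            $fields[$name] = (string) $post[$name];
        }
    }
    return http_build_query($fields); // encodes each name and value once
}

// Run the script without a shell; returns its raw output (headers + body).
function run_search_cgi(string $script, string $query): string
{
    // The child sees only these variables, so it is not told it is serving
    // a POST whose body PHP has already read from STDIN.
    $env = [
        'GATEWAY_INTERFACE' => 'CGI/1.1',
        'REQUEST_METHOD'    => 'GET',
        'QUERY_STRING'      => $query,
        'PATH'              => '/usr/bin:/bin', // assumed location of perl
    ];
    $spec = [0 => ['file', '/dev/null', 'r'], 1 => ['pipe', 'w']];
    // Array command form (PHP 7.4+) starts perl directly, with no shell.
    $proc = proc_open(['perl', '-X', $script], $spec, $pipes, dirname($script), $env);
    if ($proc === false) {
        throw new RuntimeException('could not start search script');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    if (proc_close($proc) !== 0) {
        throw new RuntimeException('search script exited with an error');
    }
    return $out;
}

if (!empty($_POST['search'])) {
    $raw = run_search_cgi(SEARCH_CGI, build_query($_POST));
    // A CGI script prints headers, a blank line, then the body.
    $parts = preg_split("/\r?\n\r?\n/", $raw, 2);
    echo $parts[1] ?? $raw;
}
```

Because the command is passed as an array, no shell parses the user's search terms, and fields outside the allow-list never reach the script.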