So this is where the problem’s happening: reverse-text.epizy.com
It’s supposed to return: “Reversed text: “.desrever eb ot txet elpmaS” from “Sample text to be reversed.”.” when I input “Sample text to be reversed.”
However it returns “Reversed text: “” from “Sample text to be reversed.”.”
It could be something with my php code but I’ve tested it in my local PHP development server and it does what it’s supposed to do.
There’s no error message too.
I checked your code and I see the issue.
I see you’re doing the string reversing by executing a shell command through shell_exec. However, running shell commands is blocked on our hosting, and all functions related to it are blocked.
Instead of doing the string reversal in bash through shell_exec, why not do it through PHP itself? PHP has the function strrev that does exactly what you need it to do.
And unlike using shell_exec, doing string manipulation through PHP doesn’t create a massive, gaping Remote Code Execution vulnerability in your code if your don’t meticulously filter and escape everything you put in the shell commands (which you don’t do at all).
4 Likes
Oh, I did not know you can’t run shell commands in infinityfree or that shell_exec is a vulnerable command. I’ll just use strrev instead.
1 Like
shell_exec isn’t necessarily a vulnerable command, but just like with a database query, you need to check your input or you’ll create a vulnerability in your code. Just like you should never put unfiltered form data into a database query, you should never put unfiltered form data into a system command.
Native PHP functions don’t have this issue (except for things like eval of course), so they are much safer to use.
4 Likes
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.