0

I'm trying to include a user-defined variable (derived from a cookie) in a shell_exec command to name a file. Unfortunately, when I run the PHP script, the file name is spat out as just ".flv" without the variable string preceding it. I've tested the cookie and it does indeed work, but it looks like it's not being passed correctly to shall exec. Any help or advice would be greatly appreciated. 

$shellvar = $_COOKIE["VideoTitle"];
$shellvar = escapeshellarg($shellvar);
shell_exec('/usr/local/bin/ffmpeg -i audio.wav -i videofile.flv $shellvar.flv 2>&1');
Improve this question

1 Answer 1

Reset to default
3

You are using single quotes in the PHP, which means it won't parse the $shellvar as a PHP variable. Then that is getting passed to the terminal, which tries to use the variable (which doesn't then exist) and it spits back a blank variable. So try replacing the single quotes with double quotes in the shell_exec command.

So the code would look like:

$shellvar = $_COOKIE["VideoTitle"];
$shellvar = escapeshellarg($shellvar);
shell_exec("/usr/local/bin/ffmpeg -i audio.wav -i videofile.flv $shellvar.flv 2>&1");

Obligatory Security Warning:
Also, I'd implore you to be careful, escapeshellarg is a good command, but I'd also recommend (on top of that) only allowing letters and numbers with a preg_match (because I'm paranoid).

Something like

if (preg_replace('/[A-Za-z0-9]*/', '', $shellvar) != "")
    echo "DISALLOWED CHARACTERS";

This way you can be at least decently sure you aren't allowing malformed names to be passed to the terminal. I'd also recommend running the commands as a specific user (who has very little access, not much more then that of using ffmpeg).

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Perfect! What a simple fix! Thanks so much for your help.
Thanks :), Also if this answer was useful, clicking the little checkmark underneath the Up Down arrows marks it as the correct answer to your problem, and marks your question closed.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.