[sork] passwd module
Jan Schneider
jan at horde.org
Thu Sep 4 07:06:09 UTC 2008
Zitat von Eric Jon Rostetter <eric.rostetter at physics.utexas.edu>:
> Quoting Jorge Hernandez <jorgeh at fsbcomputers.com>:
>
>> I have horde 1.1.2 installed with passwd using myscript as
>> backend, the script has been configured to take args, but using it
>> as follows, it doesn't send the args to my script, is this the way
>> to pass my args???:
>
> Try double quotes instead of single quotes on the program line...
>
>> 'program' => '/usr/bin/php
>> /var/www/htdocs/change_password.php $_POST[userid]
>> $_POST[newpassword1]'
>
> Try instead:
>
> 'program' => "/usr/bin/php /var/www/htdocs/change_password.php
> $_POST[userid] $_POST[newpassword1]"
>
> The differnce is, php doesn't expand variables in single quoted strings, but
> does in double quoted strings.. You could also maybe do something like:
>
> 'program' => '/usr/bin/php /var/www/htdocs/change_password.php ' .
> $_POST[userid] . ' ' . $_POST[newpassword1]
>
> But I don't think that is as clean...
Not to mention that it allows any user to execute arbitrary commands
on your server!
Jan.
--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
More information about the sork
mailing list