sygirard Posted April 1, 2015 Share Posted April 1, 2015 Hello,i'm currently working on Windows 2008 R2. I've installed PHP 5.6.6 and Python 2.7.9.I have PHP script, a simple one, that follow : <?php$output="";$retval="";$array = array();if ( isset($_GET["message"]) ){ $msg = $_GET["message"];}$cmd = "deploy_to_server.py " . $msg;$result = exec($cmd,$output,$retval);if ( $retval == 1 ){ $array['success'] = FALSE; $array['result'] = $result;}else{ $array['success'] = TRUE; $array['result'] = $result;}echo json_encode($array);?> Python script "deploy_to_server.py" copy files with name contained in "message". These files can be voluminous (1Go maximum).During first execution of my script, i had this error :"PHP Fatal error: Maximum execution time of 30 seconds exceeded in deploy_to_server.py ..."Simple to fix it by changing parameter in php.ini file :- max_execution_time = 300- max_input_time = 300Now timeout error is corrected. But i don't have python script return ($result). But if copy takes less than 30s, i've got it. At 32s, no. Note that in all cases (good copy, bad copy), execution return value $retval is good. And python script is well executed.I tried to change execution time in script : ini_set('max_execution_time', 0); or set_time_limit(); But nothing change. Do you know where is my problem ? Is there an other configuration file to modify ? (PHP or IIS7) Thanks for your help. Sylvain Link to comment Share on other sites More sharing options...
justsomeguy Posted April 1, 2015 Share Posted April 1, 2015 That's a dangerous piece of code if it's available publicly, people can inject anything they want onto the command line through $_GET.Is there a timeout issue with the python code?There's some information here about increasing the request timeout with IIS7. It might be IIS instead of PHP timing out the request. What happens if it takes longer than 30 seconds, what do you see in the browser?http://stackoverflow.com/questions/2414441/how-to-increase-request-timeout-in-iis7-0 Link to comment Share on other sites More sharing options...
sygirard Posted April 2, 2015 Author Share Posted April 2, 2015 It's just for internal use. Only accessible on our network. However, if you know where i can find some information to secure my website, i'll take it. If my python script take more than 30s to copy file, it takes its time to finish (PHP waiting the end of the script) and only return the $retval value (O if OK, 1 if KO). If python script takes less than 30s, it returns $result (print function in script) and $retval (sys.exit() function in script) I'll take a look on IIS side. Thanks Link to comment Share on other sites More sharing options...
justsomeguy Posted April 2, 2015 Share Posted April 2, 2015 You can use functions like these to escape things that you put on the command line:http://php.net/manual/en/function.escapeshellarg.phphttp://php.net/manual/en/function.escapeshellcmd.phpThat will help prevent people from putting additional commands to execute in $_GET. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now