PHP Timeout when executing python script

[sygirard]

Hello,i'm currently working on Windows 2008 R2. I've installed PHP 5.6.6 and Python 2.7.9.I have PHP script, a simple one, that follow :

<?php$output="";$retval="";$array = array();if ( isset($_GET["message"]) ){    $msg = $_GET["message"];}$cmd = "deploy_to_server.py " . $msg;$result = exec($cmd,$output,$retval);if ( $retval == 1 ){    $array['success'] = FALSE;    $array['result'] = $result;}else{    $array['success'] = TRUE;    $array['result'] = $result;}echo json_encode($array);?>

Python script "deploy_to_server.py" copy files with name contained in "message". These files can be voluminous (1Go maximum).During first execution of my script, i had this error :"PHP Fatal error: Maximum execution time of 30 seconds exceeded in deploy_to_server.py ..."Simple to fix it by changing parameter in php.ini file :- max_execution_time = 300- max_input_time = 300Now timeout error is corrected. But i don't have python script return ($result).

But if copy takes less than 30s, i've got it. At 32s, no.

Note that in all cases (good copy, bad copy), execution return value $retval is good.

And python script is well executed.I tried to change execution time in script : ini_set('max_execution_time', 0); or set_time_limit();

But nothing change.

Do you know where is my problem ?

Is there an other configuration file to modify ? (PHP or IIS7)

Thanks for your help.

Sylvain

[justsomeguy]

That's a dangerous piece of code if it's available publicly, people can inject anything they want onto the command line through $_GET.Is there a timeout issue with the python code?There's some information here about increasing the request timeout with IIS7. It might be IIS instead of PHP timing out the request. What happens if it takes longer than 30 seconds, what do you see in the browser?http://stackoverflow.com/questions/2414441/how-to-increase-request-timeout-in-iis7-0

[sygirard]

It's just for internal use. Only accessible on our network.

 

However, if you know where i can find some information to secure my website, i'll take it.

 

If my python script take more than 30s to copy file, it takes its time to finish (PHP waiting the end of the script) and only return the $retval value (O if OK, 1 if KO).

If python script takes less than 30s, it returns $result (print function in script) and $retval (sys.exit() function in script)

 

I'll take a look on IIS side.

 

Thanks

[justsomeguy]

You can use functions like these to escape things that you put on the command line:http://php.net/manual/en/function.escapeshellarg.phphttp://php.net/manual/en/function.escapeshellcmd.phpThat will help prevent people from putting additional commands to execute in $_GET.