I cannot run jar using exec command in php

Question

I cannot run jar using exec command in php

Asked 7 years, 7 months ago

Viewed 161 times

0

when I try to run the system does not return anything, I do not know what may be wrong, I tried to run another jar and it worked, however the msm n receives no parameter. the search jar works on the linux command line normally

public function consulta(){
    $this->output->set_content_type('application/json');
    $query              = $this->uri->segment(3,0);

    exec("java -jar ../public_html/assets/apps/buscador.jar '$query'", $resposta);

    $html = "";
    $conta = 0;
    foreach ($resposta as $value) {
        if($conta < 10 && $conta > 1){
            $documento = split("\t", $value);
            $html .= "<h2><a href=".$documento[1].">".$documento[2]."</a></h2>";
            $html .= "<p>".$documento[3]."</p></br>";
        }
        $conta++;
    }
    $this->output->set_output(json_encode(array('status' => 'success', 'consulta' => $html, 'resposta' => $resposta)));
}

Which error presented? Or just no return?

– Jefferson Quesado

2017/07/10 at 16:57

1 answer

Browser other questions tagged php codeigniter bootstrap-3 jar

You are not signed in. Login or sign up in order to post.

by C. Bohok • **739** points · Answer 1 · 2017-07-10T15:26:57+00:00

Hello. Follow my considerations, of character not absolutely conclusive.

The first check to be done is to manually execute the command java. The problem could be jar itself and not related to Codeiginiter/PHP. The Apache/PHP user may not have the necessary privilege to execute the command.
The second, because it is a command line, is to put the $query parameter in quotes. Spaces, bars, and other special characters spoil parameter formatting. By looking at which characters, this is untraceable.
The third is to sanitize $this->uri->segment(3,0), because the user will enter a very naughty URI and start running commands on your server, even if this would spoil the return. Serious security problem!

This form of consultation by exec( ) seems unprofessional to me. The use of exec( ) dispute over server security policies. The function can be asynchronous. It exists for when you really need to consult the machine’s or the server’s operating system. This does not seem to be your case, you must be trying to integrate two systems, and data from the machine hosting the system would be irrelevant.

When it comes to the Web, different systems should talk through Webservice, or in a much simpler solution, at least for file_get_contents( ).