Fix the script
Notice: do not use sed -r. This only works for linux. Instead use sed -E.
Sam wants certain users to be able to run limited commands from a PHP page. He created a function called safeeval to run these commands. However on one page he neglected to use safeeval and instead used eval(). Safeeval will fail if a command given should not run.
Sam then created a shell script to fix the error.
Sam's uname is:
Here is the script:
Here is his shell script (for freeBSD):
Fix the incorrect line in the shell script (and use the SAME spacing).
- Check the script for fixing the problem, you'll find out Sam replace all eval command with safeeval command and obviously there's a command error of sed.
The following example shows a typical, and the most common, use of sed, where the -e option indicates that the sed expression follows:
sed -e 's/oldstuff/newstuff/g' inputFileName > outputFileName
- Yes, 'g' is a lack of the sed script, where 'g' means "replace all matches.
- Input 'sed -E "s/eval/safeeval/g" <exec.php >tmp && touch OK' and check.
- It's done!
- By the way, a part of the original script below is very strange.
- Since cmd2 is empty, why Sam use eval to execute it? o.0