dolibarr 20.0.2
test_exec.php
1<?php
2
3if (!defined('NOREQUIREUSER')) {
4 define('NOREQUIREUSER', '1');
5}
6if (!defined('NOREQUIREDB')) {
7 define('NOREQUIREDB', '1');
8}
9if (!defined('NOREQUIRESOC')) {
10 define('NOREQUIRESOC', '1');
11}
12if (!defined('NOREQUIRETRAN')) {
13 define('NOREQUIRETRAN', '1');
14}
15if (!defined('NOSTYLECHECK')) {
16 define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data
17}
18if (!defined('NOREQUIREMENU')) {
19 define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu
20}
21if (!defined('NOREQUIREHTML')) {
22 define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
23}
24if (!defined('NOREQUIREAJAX')) {
25 define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library
26}
27if (!defined("NOLOGIN")) {
28 define("NOLOGIN", '1'); // If this page is public (can be called outside logged session)
29}
30// If you don't need session management (can't be logged if no session used). You must also set
31// NOCSRFCHECK, NOTOKENRENEWAL, NOLOGIN
32// Disable module with GETPOST('disablemodules') won't work. Variable 'dol_...' will not be set.
33// $_SESSION are then simple vars if sessions are not active.
34// TODO We can close session with session_write_close() as soon as we just need read access everywhere in code.
35if (!defined("NOSESSION")) {
36 define("NOSESSION", '1');
37}
38
39// Load Dolibarr environment
40require '../../main.inc.php';
41
42// Security
43if ($dolibarr_main_prod) {
44 accessforbidden('Access forbidden when $dolibarr_main_prod is set to 1');
45}
46
47
48/*
49 * View
50 */
51
52header("Content-type: text/html; charset=UTF8");
53
54// Security options
55header("X-Content-Type-Options: nosniff"); // With the nosniff option, if the server says the content is text/html, the browser will render it as text/html (note that most browsers now force this option to on)
56header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)
57
58print "*** TEST READ OF /tmp/test.txt FILE (Example: if file exists and owned by apache process owner + PrivateTmp is false + apparmor rules allows read of owned files in /tmp/, then you should see the file)<br>\n";
59
60$out='';
61$ret=0;
62
63$file = '/tmp/test.txt';
64$f=fopen($file, 'r');
65if ($f) {
66 $s=fread($f, 4096);
67 print $s;
68 fclose($f);
69} else {
70 print "Failed to open file ".$file."<br>\n";
71}
72
73print '<br><br>'."\n";
74
75
76print "*** TEST READ OF /test.txt FILE AND LS /dev/std*<br>\n";
77
78exec('cat /test.txt; ls /dev/std*; sleep 1;', $out, $ret);
79print "ret=".$ret."<br>\n";
80print_r($out);
81print '<br>';
82
83print '<br><br>'."\n";
84
85
86print "*** TRY TO RUN CLAMDSCAN<br>\n";
87
88$ret = 0;
89$out = null;
90exec('/usr/bin/clamdscan --fdpass filethatdoesnotexists.php', $out, $ret);
91print "ret=".$ret."<br>\n";
92print_r($out);
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.