dolibarr 23.0.3
test_exec.php
1<?php
2
3if (!defined('NOREQUIREUSER')) {
4 define('NOREQUIREUSER', '1');
5}
6if (!defined('NOREQUIREDB')) {
7 define('NOREQUIREDB', '1');
8}
9if (!defined('NOREQUIRESOC')) {
10 define('NOREQUIRESOC', '1');
11}
12if (!defined('NOREQUIRETRAN')) {
13 define('NOREQUIRETRAN', '1');
14}
15if (!defined('NOSTYLECHECK')) {
16 define('NOSTYLECHECK', '1'); // Do not check style html tag into posted data
17}
18if (!defined('NOREQUIREMENU')) {
19 define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu
20}
21if (!defined('NOREQUIREHTML')) {
22 define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
23}
24if (!defined('NOREQUIREAJAX')) {
25 define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library
26}
27if (!defined("NOLOGIN")) {
28 define("NOLOGIN", '1'); // If this page is public (can be called outside logged session)
29}
30// If you don't need session management (can't be logged if no session used). You must also set
31// NOCSRFCHECK, NOTOKENRENEWAL, NOLOGIN
32// Disable module with GETPOST('disablemodules') won't work. Variable 'dol_...' will not be set.
33// $_SESSION are then simple vars if sessions are not active.
34// TODO We can close session with session_write_close() as soon as we just need read access everywhere in code.
35if (!defined("NOSESSION")) {
36 define("NOSESSION", '1');
37}
38
39// Load Dolibarr environment
40require '../../main.inc.php';
50// Security
51if (!empty($dolibarr_main_prod) || empty($dolibarr_main_test)) {
52 accessforbidden('Access forbidden when $dolibarr_main_prod is set to 1');
53}
54
55
56/*
57 * View
58 */
59
60header("Content-type: text/html; charset=UTF8");
61
62// Security options
63header("X-Content-Type-Options: nosniff"); // With the nosniff option, if the server says the content is text/html, the browser will render it as text/html (note that most browsers now force this option to on)
64header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)
65
66print "*** TEST READ OF /tmp/test.txt FILE (Example: if file exists and owned by apache process owner + PrivateTmp is false + apparmor rules allows read of owned files in /tmp/, then you should see the file)<br>\n";
67
68$out='';
69$ret=0;
70
71$file = '/tmp/test.txt';
72$f=fopen($file, 'r');
73if ($f) {
74 $s=fread($f, 4096);
75 print $s;
76 fclose($f);
77} else {
78 print "Failed to open file ".$file."<br>\n";
79}
80
81print '<br><br>'."\n";
82
83
84print "*** TEST READ OF /test.txt FILE AND LS /dev/std*<br>\n";
85
86exec('cat /test.txt; ls /dev/std*; sleep 1;', $out, $ret);
87print "ret=".$ret."<br>\n";
88print_r($out);
89print '<br>';
90
91print '<br><br>'."\n";
92
93
94print "*** TRY TO RUN CLAMDSCAN<br>\n";
95
96$ret = 0;
97$out = null;
98exec('/usr/bin/clamdscan --fdpass filethatdoesnotexists.php', $out, $ret);
99print "ret=".$ret."<br>\n";
100print_r($out);
accessforbidden
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0, $params=null)
Show a message to say access is forbidden and stop program.
Definition security.lib.php:1358
Generated on Mon Jun 22 2026 20:45:33 for dolibarr by Doxygen 1.11.0