Manixat Posted June 8, 2013 Share Posted June 8, 2013 (edited) Hello, I'm concerned about the security of this code because I am not really familiar with shell and OS stuff. I needed to add this function because filter_var wasn't enough to filter bullshit emails out like john@crack.house. I need to verify domain existence and I grabbed a hold of this function from eHow, which is a pretty trustworthy site, but I need to be 100% sure before using it. Are there any possible issues with this function: function checkDomainAvailability($domain) { if(preg_match('/[;\&\|\>\<]/', $domain)) exit; //Could be a hack attempt exec("whois " . escapeshellarg($domain), $output); //:CAREFUL: $result = implode("\n", $output); return (strpos($result, 'No match') !== false); } Thank you in advance! EDIT: I just noticed that this won't work on windows. Is there any cross-OS command I can use? Edited June 8, 2013 by Manixat Quote Link to comment https://forums.phpfreaks.com/topic/278928-shell-security/ Share on other sites More sharing options...
Solution boompa Posted June 8, 2013 Solution Share Posted June 8, 2013 Instead of shelling out, you could use getmxrr to see if there's an MX record for the domain. Quote Link to comment https://forums.phpfreaks.com/topic/278928-shell-security/#findComment-1434828 Share on other sites More sharing options...
Manixat Posted June 8, 2013 Author Share Posted June 8, 2013 Really useful, thanks! Even though in the comments section it is said that this function can return various values which may evaluate to true even if the domain is nonexistent, I tried it myself and didn't experience this issue! Quote Link to comment https://forums.phpfreaks.com/topic/278928-shell-security/#findComment-1434829 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.