Manixat Posted June 8, 2013 Share Posted June 8, 2013 Hello, I'm concerned about the security of this code because I am not really familiar with shell and OS stuff. I needed to add this function because filter_var wasn't enough to filter bullshit emails out like [email protected]. I need to verify domain existence and I grabbed a hold of this function from eHow, which is a pretty trustworthy site, but I need to be 100% sure before using it. Are there any possible issues with this function: function checkDomainAvailability($domain) { if(preg_match('/[;\&\|\>\<]/', $domain)) exit; //Could be a hack attempt exec("whois " . escapeshellarg($domain), $output); //:CAREFUL: $result = implode("\n", $output); return (strpos($result, 'No match') !== false); } Thank you in advance! EDIT: I just noticed that this won't work on windows. Is there any cross-OS command I can use? Link to comment https://forums.phpfreaks.com/topic/278928-shell-security/ Share on other sites More sharing options...
boompa Posted June 8, 2013 Share Posted June 8, 2013 Instead of shelling out, you could use getmxrr to see if there's an MX record for the domain. Link to comment https://forums.phpfreaks.com/topic/278928-shell-security/#findComment-1434828 Share on other sites More sharing options...
Manixat Posted June 8, 2013 Author Share Posted June 8, 2013 Really useful, thanks! Even though in the comments section it is said that this function can return various values which may evaluate to true even if the domain is nonexistent, I tried it myself and didn't experience this issue! Link to comment https://forums.phpfreaks.com/topic/278928-shell-security/#findComment-1434829 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.