dwest100 Posted April 29, 2018 Share Posted April 29, 2018 (edited) When this code runs in my php file... `curl https://inklines.art/process_emails.php?url={$full_site_url}&domain={$domain}&site={$site_title}&title={$title}&permalink={$permalink}`; This is all that is sent to the shell: https://MYSITE.COM/process_emails.php?url={$full_site_url} What am I doing wrong in building the command?? Edited April 29, 2018 by dwest100 Quote Link to comment Share on other sites More sharing options...
requinix Posted April 29, 2018 Share Posted April 29, 2018 Not being safe, that's what. Why can't you do this with PHP code? You'll have much more control over it. And why are you cURLing your own site? There are virtually zero reasons why you should do that. Quote Link to comment Share on other sites More sharing options...
dwest100 Posted April 29, 2018 Author Share Posted April 29, 2018 Obviously, I have reasons or I would not have bothered posting here. The two isolated strings are within my php code. To make a long story short, I am running the curl command to execute a separate php emailing process outside of my Wordpress site whenever there is a new post. There are 5000+ subscribers each getting an email notification. This technique will let them process in the background...safely. It's no more unsafe than Wordpress site itself. So can you simply answer the question? Which is about syntax I believe? Quote Link to comment Share on other sites More sharing options...
requinix Posted April 30, 2018 Share Posted April 30, 2018 I'm not sure if you thought I was attacking you or something, but from my point of view I was wondering why you were using shell commands to do something that's possible with native PHP. You gave an answer that makes sense. End of story. escapeshellarg Construct the URL as one complete string and escape the whole value for the command. I'd ask if you already prepared the assorted variables for use as query strings, since that's something you have to consider, but that might offend you so I won't. $url = escapeshellarg("https://inklines.art/process_emails.php?url={$full_site_url}&domain={$domain}&site={$site_title}&title={$title}&permalink={$permalink}"); Quote Link to comment Share on other sites More sharing options...
Solution dwest100 Posted April 30, 2018 Author Solution Share Posted April 30, 2018 Good answer! After much searching and sifting on Google this works very simply: `curl "MY_WEBSITE.com/process_emails.php?url={$full_site_url}&domain={$domain}&site={$site_title}&title={$title}&permalink={$permalink}"`; Enclose entire php command string in backticks —same as typing shell_exec(command string)— Enclose entire argument to curl command in double quotes so the shell interprets the ENTIRE command. Enclose variables in {} instead of concatenating. Simpler and easier to read. The shell was halting the command after the first & because that's what the & does in the linux shell.With the entire string interpreted, it works properly and all 5000 emails are processed outside of my Wordpress site through Amazon SES all nice and tidy and properly authorized with DKIM, SPF and encryption. Quote Link to comment Share on other sites More sharing options...
requinix Posted April 30, 2018 Share Posted April 30, 2018 I sure hope you're sure that those variables can't possibly ever contain quotes, dollar signs, or other metacharacters or escape sequences. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.