quick server pages
Shell command interface
The #shell directive provides a convenient, safe facility for invoking shell commands and capturing/parsing the results, for maximum flexibility in interfacing with the shell and other programs. Several examples are provided below.
To address the security problem of malicious users executing nasty shell commands via CGI variables, the following shell metacharacters are automatically screened out from QUISP variables that are present in the shell command: " ' ` $ \ ; (this set of characters is configurable and also settable dynamically using #mode). For this same reason it is also good practice to enclose all shell command arguments in double quotes. Developers must understand this potential security hole and verify that shell metacharacter screening is indeed working as they want it to in their application.
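The quoting advice above can be checked with a small model of the default screening. This is an added example, not QUISP code and not part of the original page; the functions screen, needs_quotes and run_template, the token @v and the sample input are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: a stand-in model of the default screening, not QUISP code.
# Screened set taken from the page:  " ' ` $ \ ;

# screen VALUE: print VALUE with the default screened characters removed.
screen() {
    printf '%s' "$1" | tr -d '"`$\\;'"'"
}

# needs_quotes VALUE: succeed if the screened VALUE still holds characters
# that are shell syntax outside double quotes (illustrative, not exhaustive).
needs_quotes() {
    [ -n "$(screen "$1" | tr -cd ' |&<>()*?~#')" ]
}

# run_template TEMPLATE VALUE: replace the hypothetical token @v in TEMPLATE
# with the screened VALUE, as a variable is expanded into a #shell command,
# then run the result with sh. The helper "count" prints its argument count.
run_template() {
    value=$(screen "$2")
    cmd="${1%%@v*}${value}${1#*@v}"
    sh -c "count() { echo \$#; }; $cmd"
}

input='one";$ two|tr 2 X'    # constructed sample value
echo "screened: $(screen "$input")"
echo "quoted:   $(run_template 'count "@v"' "$input")"
echo "unquoted: $(run_template 'count @v' "$input")"
if needs_quotes "$input"; then
    echo "value is only safe inside double quotes"
fi
```

In the quoted template the whole screened value arrives as one argument; in the unquoted template the space and | that the default set leaves in place are interpreted by the shell.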
#shell - #endshell
Issue a shell command. The shell command can be one or more lines in length. QUISP variables and other directives such as #if can be used to build the shell command. Results can be displayed directly or captured for further processing. The shell command's exit code is available via $shellexitcode() and the number of output lines is available via $shellrowcount().
Usage:
    #shell [mode]
    shellcommand(s)
    ...
    #endshell
mode may be one of the following:
Note: mode may optionally begin with a pound sign (#) for readability.
Note: #sql directives cannot be embedded within #shell / #endshell.
@PROJDIR
The variable @PROJDIR, which is set in your project config file, contains the full
path name of the project directory and may be used to build shell commands that
reference files therein.
@HTMLPATH
The variable @HTMLPATH, which is set in your project config file, contains the full path name of the directory on your system where static files such as images reside. It may be useful when issuing shell commands.
Functions
These functions may be used in conjunction with the #shell command:
$shellrow( fieldname1, .., fieldnameN )
$shellrowcount( )
$shellexitcode( )
$shellfielddelim( s )
$shellfieldconvert( convertmode )
$shellreadheader( )
Examples
Example 1. Invoke a grep command and display the results:
    #set searchword = "macula"
    <pre>
    #shell
      grep "@searchword" /home/steve/textfiles/*
    #endshell
    </pre>
    #if $shellrowcount() == 0
      <h3>Nothing found</h3>
    #endif
Example 2. Same as above but add a sed command and display results as HTML table rows:
    #set searchword = "macula"
    <table cellpadding=2>
    #shell dumphtml
      grep "@searchword" /home/steve/textfiles/* | sed "s/^.*://"
    #endshell
    </table>
    #if $shellrowcount() == 0
      <h3>Nothing found</h3>
    #endif
Example 3. Invoke a command that computes correlations and process the results one row at a time:
    #shell processrows
      correlate all
    #endshell
    <table cellpadding=2>
    #while $shellrow( var1, var2, pearson, n ) == 0
      <tr><td>@var1</td><td>@var2</td><td>@pearson</td><td>N = @n</td></tr>
    #endloop
    </table>
    #if $shellrowcount() < 1
      <h3>No correlations computed</h3>
    #endif
Example 4. Invoke a shell command and capture its exit code:
    #shell
      addlog "@DATE" "@TIME" "@READING"
    #endshell
    #if $shellexitcode() != 0
      <h3>Addlog failed!</h3>
    #endif
Copyright Steve Grubb