PHP SSH Lib, echoing to a file

Question

I'm trying to create a PHP script that creates a file on a remote linux server through ssh, and echos the file contents into it.

However, I cannot figure out how to correctly and safely encode/escape the file contents, so that the contents don't get interpreted as commands.

I'm using phpseclib from here.

I've tried something like

echo $ssh->exec('sudo echo "' . escapeshellarg($newConfig) . '" > /etc/nginx/nginx.conf') . "\n";

but without success.

Thanks,

Steve

Answer 1

I was going about this all wrong, I should have used Net_SFTP instead of NET_SSH for this sort of thing.

Answer 2

What about escapeshellcmd? Quoting the description of that vs escapeshellarg:

escapeshellarg() adds single quotes around a string and quotes/escapes any existing single quotes allowing you to pass a string directly to a shell function and having it be treated as a single safe argument.

...and...

escapeshellcmd() escapes any characters in a string that might be used to trick a shell command into executing arbitrary commands. This function should be used to make sure that any data coming from user input is escaped before this data is passed to the exec() or system() functions, or to the backtick operator.

Following characters are preceded by a backslash: #&;`|*?~<>^()[]{}$\, \x0A and \xFF. ' and " are escaped only if they are not paired. In Windows, all these characters plus % are replaced by a space instead.