Pregunta

I sent $data (array) from one server to another as shown below. When it gets to the second server, the $data elements are obviously urlencoded. On the second server, I wish to use some of the $data in exec(). Even though I pass a hash and make sure it is valid on the other end, I would still like to escapeshellarg() as appropriate. Since the $data elements are already urlencoded, how should I apply escapeshellarg()? Thanks

curl_setopt($ch,CURLOPT_POSTFIELDS,flatten_GP_array($data));

function flatten_GP_array(array $var,$prefix = false)
{
    //Used for CURL routines when sending multi-dimential array
    $return = array();
    foreach($var as $idx => $value){
        if(is_scalar($value)){
            if($prefix){$return[$prefix.'['.$idx.']'] = urlencode($value);}
            else {$return[$idx] = urlencode($value);}
        }
        else {$return = array_merge($return,library::flatten_GP_array($value,$prefix ? $prefix.'['.$idx.']' : $idx));}
    }
    return $return;
}
¿Fue útil?

Solución

I would advise you to crypt your data with a very long encryption key which only your host and your server knows.

You can use this encryption/decryption class (StackOverflow) from John Conde.

For the sake of simplicity I would then simply serialize your $data array, crypt it and send it to your server.

$urlData = Encryption::encrypt(serialize($data));
curl_setopt($ch,CURLOPT_POSTFIELDS,array('data' => $urlData));

On side of your FAX server just decrypt the data and unserialize it again

$data = unserialize(Encryption::decrypt($dataParameterFromUrl));

Server-side you know have the exact same data you had on your client and can do whatever you want with it.

Furthermore you could use something like challenge response to verify your host.

Licenciado bajo: CC-BY-SA con atribución
No afiliado a StackOverflow
scroll top