Pass file from file() to Perl program PHP

Question

I have a PHP code that stores contents of a url by file() method like

$contents=file("http://www.rcsb.org/pdb/files/2AID.pdb"); 

I need to pass these $contents to a perl program by shell_exec() method , something like following

$result=shell_exec("perl_prog.pl $contents");

My question is how to pass this $contents to Perl program. I tried like following

@file=<@ARGV>;

but its not working. Please help me.

Answer 1

That shell_exec() code is utterly vulnerable to shell injection - you're trusting that the remote service won't include something like:

; rm -rf /

As well, file() returns the file contents as an array - you can't pass arrays over the command line directly. Only strings.

A moderately safer version is:

$contents = file_get_contents('http://etc....');
$safe_contents = escapeshellarg($contents);
$result = shell_exec('perl_prog.pl $safe_contents');

On the Perl side, you'd use

my ($contents) = @ARGV;