There is a very complex PHP script of the "I twist and turn, I want to confuse you" kind (cryptography): a generator of software licenses.

It ran on the old version of the site. But times are changing, and now the site has successfully moved from PHP to Django.

The problem is that rewriting this script in Python is very problematic and time-consuming, so I would just like to run it, but enabling PHP on the server is not safe.

There is an idea to run PHP directly from Django by calling subprocess, like this:

    process = subprocess.Popen(['php ./old_scripts/licgen.php %s ' % lic_request, '-a'], stdout=subprocess.PIPE)
    out, err = process.communicate()

I am interested in the opinion of the community: how safe is it, and what could the pitfalls be?

  • Most likely it will be fine if nothing nasty appears in lic_request - andreymal
  • @andreymal lic_request is parsed byte by byte there, and only an exception, such as being unable to split the digits into 4 parts, can occur if you slip in something nasty :) - Mikhail Alekseevich
  • Well, in general, check your parsing so that there is no lic_request = '&rm -rf /*&#' :) - andreymal
  • Although, why did you write ['php ./old_scripts/licgen.php %s ' % lic_request, '-a'], and not ['php', './old_scripts/licgen.php', lic_request, '-a']? - andreymal
  • Proper filtering of lic_request will also help security: you need not to remove prohibited characters, but to keep only the allowed ones - andreymal
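
The two suggestions from the comments (separate argv elements and allow-list filtering of lic_request), put together as an added example that is not part of the original thread. The request format (four dash-separated groups of digits), the helper names and the timeout are assumptions; the script path and the -a flag come from the question.

```python
import re
import subprocess
import sys

# Assumed format (not from the original post): four dash-separated digit groups.
LIC_REQUEST_RE = re.compile(r"[0-9]{1,8}(?:-[0-9]{1,8}){3}")

# Script path and trailing "-a" flag are taken from the question.
PHP_CMD = ["php", "./old_scripts/licgen.php"]


def validate_lic_request(value):
    """Allow-list check: accept only the expected shape, reject everything else."""
    if not isinstance(value, str) or not LIC_REQUEST_RE.fullmatch(value):
        raise ValueError("malformed license request")
    return value


def run_generator(lic_request, cmd=PHP_CMD, timeout=10):
    """Run the generator with every argument as its own list element.

    No shell is started, so metacharacters in lic_request could only ever
    arrive in the child as literal bytes of one argument. The allow-list
    check still runs first, as defence in depth for the PHP parser.
    """
    argv = [*cmd, validate_lic_request(lic_request), "-a"]
    proc = subprocess.run(
        argv,
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        timeout=timeout,  # a hung script must not block a web worker
        check=True,       # non-zero exit raises CalledProcessError
        text=True,
    )
    return proc.stdout.strip()


def echo_argument(value):
    """Stand-in child (the Python interpreter) that prints its first argument."""
    child = [sys.executable, "-c", "import sys; print(sys.argv[1])", value]
    done = subprocess.run(child, stdout=subprocess.PIPE, text=True, check=True)
    return done.stdout.rstrip("\n")
```

The relative script path resolves against the Django process's working directory, so an absolute path (or an explicit cwd= argument) is more predictable in deployment.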
