-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathget.php
42 lines (36 loc) · 1.21 KB
/
get.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
<?php
header('Content-type: application/json');
header('Access-Control-Allow-Origin: *');
$queryVal = $_GET["q"];
$indexVal = $_GET["i"];
$startTime = $_GET["start_time"];
$endTime = $_GET["end_time"];
$step = $_GET["step"];
$lab_num = $_GET["lab_num"];
$student_name = $_GET["student_name"];
$vm_name = $_GET["vm_name"];
// Make sure command is safe (no shell injection)
$queryVal = escapeshellcmd($queryVal);
$indexVal = escapeshellcmd($indexVal);
$startTime = escapeshellcmd($startTime);
$endTime = escapeshellcmd($endTime);
$step = escapeshellcmd($step);
$lab_num = escapeshellcmd($lab_num);
$student_name = escapeshellcmd($student_name);
$vm_name = escapeshellcmd($vm_name);
// Add start time and end time for query
$queryVal = $queryVal . " " . $startTime . " " . $endTime . " " . $step;
// Add lab number for query
$queryVal = $queryVal . " " . $lab_num . " " . $student_name . " " . $vm_name;
// Check if string contains a '{'}
$isElastic = strpos($queryVal, '{');
chdir('/var/www/ironsight-api-handler/scripts');
if ($isElastic) {
$command = 'python3 query.py --elastic ' . $queryVal . ' ' . $indexVal;
}
else {
$command = 'python3 query.py --data ' . $queryVal;
}
$output = shell_exec($command);
echo $output;
?>