Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.3: Use new say command for easy Terminal speech' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.3: Use new say command for easy Terminal speech
Authored by: ChiperSoft on Nov 20, '03 12:40:19PM
If you have PHP enabled on your copy of panther, you can use the following php file to have a little fun:

<html><body>
<form method="post">
	Say: <input type="text" name="text" size="40">
	<input type="submit">
</form>
</body></html>

<?php
if (isset($_POST['text'])) {
	exec('say "'.$_POST['text'].'"');
}
?>


[ Reply to This | # ]
10.3: Use new say command for easy Terminal speech
Authored by: Anonymous on Nov 20, '03 03:06:52PM

This sounds like an exceptionally bad idea to me. A malicious user could just type in a quote, followed by &&, followed by any malicious command, and then another quote to match the one at the end. You REALLY don't want to give arbitrary users permission to execute shell commands on your system.



[ Reply to This | # ]
10.3: Use new say command for easy Terminal speech
Authored by: rbest on Nov 20, '03 07:28:47PM

Since what ever the user types is in quotes, what could the user type that would do anything other than speak the text.
Example: I tried to enter: hello " && open /Applications/Calculator.app
and nothing happened. Please, if I'm wrong and someone CAN do something malicious, please correct me.



[ Reply to This | # ]
10.3: Use new say command for easy Terminal speech
Authored by: ua on Nov 20, '03 09:54:00PM
Looks like:
"; rm -rf /
would be pretty bad.

[ Reply to This | # ]
10.3: Use new say command for easy Terminal speech
Authored by: aranor on Nov 20, '03 10:34:14PM
put escapeshellarg() around the $_POST['text']

[ Reply to This | # ]
10.3: Use new say command for easy Terminal speech
Authored by: drakedave on Nov 21, '03 03:06:10AM

A bit funnier...
<code>
<?
$selected="";
switch($_POST['QUI']){
case 'Agnes' : $selected[1] ="SELECTED";break;
case 'Albert' : $selected[2] ="SELECTED";break;
case 'Bad News' : $selected[3] ="SELECTED";break;
case 'Bahh' : $selected[4] ="SELECTED";break;
case 'Bells' : $selected[5] ="SELECTED";break;
case 'Boing' : $selected[6] ="SELECTED";break;
case 'Bruce' : $selected[7] ="SELECTED";break;
case 'Bubbles' : $selected[8] ="SELECTED";break;
case 'Cellos' : $selected[9] ="SELECTED";break;
case 'Deranged' : $selected[10] ="SELECTED";break;
case 'Fred' : $selected[11] ="SELECTED";break;
case 'Hysterical' : $selected[12] ="SELECTED";break;
case 'Junior' : $selected[13] ="SELECTED";break;
case 'Kathy' : $selected[14] ="SELECTED";break;
case 'Pipe Organ' : $selected[15] ="SELECTED";break;
case 'Princess' : $selected[16] ="SELECTED";break;
case 'Ralph' : $selected[17] ="SELECTED";break;
case 'Trinoids' : $selected[18] ="SELECTED";break;
case 'Vicky' : $selected[19] ="SELECTED";break;
case 'Victoria' : $selected[20] ="SELECTED";break;
case 'Whisper' : $selected[21] ="SELECTED";break;
case 'Zarvox' : $selected[22] ="SELECTED";break;
}
?>

<html><body>
<form method="post">
<select name="QUI">
<option <? echo $selected[1]?>>Agnes</option>
<option <? echo $selected[2]?>>Albert</option>
<option <? echo $selected[3]?>>Bad News</option>
<option <? echo $selected[4]?>>Bahh</option>
<option <? echo $selected[5]?>>Bells</option>
<option <? echo $selected[6]?>>Boing</option>
<option <? echo $selected[7]?>>Bruce</option>
<option <? echo $selected[8]?>>Bubbles</option>
<option <? echo $selected[9]?>>Cellos</option>
<option <? echo $selected[10]?>>Deranged</option>
<option <? echo $selected[11]?>>Fred</option>
<option <? echo $selected[12]?>>Hysterical</option>
<option <? echo $selected[13]?>>Junior</option>
<option <? echo $selected[14]?>>Kathy</option>
<option <? echo $selected[15]?>>Pipe Organ</option>
<option <? echo $selected[16]?>>Princess</option>
<option <? echo $selected[17]?>>Ralph</option>
<option <? echo $selected[18]?>>Trinoids</option>
<option <? echo $selected[19]?>>Vicki</option>
<option <? echo $selected[20]?>>Victoria</option>
<option <? echo $selected[21]?>>Whisper</option>
<option <? echo $selected[22]?>>Zarvox</option>
</select>
Say: <textarea name="text"><? echo $_POST['text']?></textarea>
<input type="submit">
</form>
</body>

</html>

<?php
if (isset($_POST['text'])) {
exec('say -v "'.$_POST['QUI'].'" "'.$_POST['text'].'"');
}
?>
</code>

---
Take care,
Drake



[ Reply to This | # ]
10.3: Use new say command for easy Terminal speech
Authored by: Lectrick on Nov 21, '03 04:31:29AM
I added some security, and timestamped logging, in case you miss the performance. (Make sure the Unix permissions on the log directory are appropriate!) I am a php newbie ;) Now time for bed!
----------------------

<html><body>
<form method="post">
        Make my Mac say: <input type="text" name="text" size="40">
        <input type="submit">
</form>
</body></html>

<?php
if (isset($_POST['text'])) {
		$s = escapeshellcmd($_POST['text']);
		system("say \"$s\"");
		$fp = fopen("/Path/to/log/file.txt","a");
		fwrite($fp,date("d M Y h:i:s A")."\t".$s."\n");
		fclose($fp);
}
?>

---
In /dev/null, no one can hear you scream

[ Reply to This | # ]

10.3: Use new say command for easy Terminal speech
Authored by: thecolor on Mar 05, '06 06:21:07PM

Can you think of why I am only able to hear speech through my cmd line and Salling Clicker but not when I use your script via php?

I am positive my php5 setup is running and working as I utilize if wit my server mail script on my site.

Thanks,
~thecolor



[ Reply to This | # ]
10.3: Use new say command for easy Terminal speech
Authored by: thecolor on Mar 23, '06 07:32:46AM

it seems to be working now. Unsure why as I've not changed any of my settings. :)

Thanks



[ Reply to This | # ]