-2

Hi what I'm trying to do is run a bash script when someone clicks on an image. This is being done within an .erb view in Ruby on rails and the server this is running does have php installed. Thank you for reading and have a wonderful day!

<%= image_tag("longbeards.jpg", :class => "homepage-leftsidepicture", onclick:'<?php exec("/home/ncs/slowloris.sh");?>' ) %>

EDIT: I was unable to use the onclick statement from the first answer I got. However, I made a javascript function that calls the statement. Now I get this error that says "No route matches {:action=>"call_script", :controller=>"script"}, missing required keys: [:script_id]"

Shane Callaghan
  • 13
  • 6
  • 2
    You cannot run PHP code from a HTML element in a browser. PHP only runs on the server. The `onclick` attribute will run only run javascript (on the browser) – RiggsFolly Sep 26 '18 at 23:49

1 Answers1

0

You would need to create a controller action that calls the BASH script, so in your controller:

script_controller.rb:

class ScriptController < ApplicationController
 def call_script
   `/home/ncs/slowloris.sh`
 end
end

You would then need to create a route to this action, like so:

routes.rb:

  get 'call_script' => 'script#call_script', as: 'call_script'

Finally you would need to call this new endpoint from your image.

<%= image_tag("longbeards.jpg", :class => "homepage-leftsidepicture",  onclick: "window.open('#{call_script_url}', '_blank')" ) %>
Billy Kimble
  • 798
  • 3
  • 9
  • Is this assuming you're using rails 5.x.x? – Shane Callaghan Sep 28 '18 at 22:42
  • I don't _think_ any of that is Rails 5 specific – Billy Kimble Sep 29 '18 at 18:57
  • Alright, I did what you said in your answer and I got this error "No route matches {:action=>"call_script", :controller=>"script"}, missing required keys: [:script_id]" – Shane Callaghan Sep 30 '18 at 14:56
  • I had a syntax error in there and was missing a : on the 'as', and was incorrecting using <%= %> in window.open. I updated the answer, and I also confirmed this works in Rails 4 – Billy Kimble Sep 30 '18 at 16:54
  • Okay that definitely fixed the missing required keys issues. So I was able to get to the call script function under my script controller. However, I don't believe my script is running when I reach that webpage. Would the system() work in this case? – Shane Callaghan Sep 30 '18 at 19:12
  • Scratch that last comment as I just noticed it was running my bash script. Although it will only run the first line and stop there – Shane Callaghan Sep 30 '18 at 19:26