I am trying to call a shell script from a javascript function. This works fine and the shell script returns everything I expected BUT I cannot figure out how to pass command line arguments to this shell script.
Using GET, I assume the url being called needs to be one string with no spaces (hence i cannot do url="myScript.sh arg1 arg2 arg3"
Using POST, I am sending the post variables like this
var args="a=b";
req.open("POST", url, true);
req.send(args);
but do not know how to read those from within my shell script.
The CGI spec defines how arguments are made available to the CGI script. You can pass data using either GET, in $QUERY_STRING, or POST, as standard input. Transforming these to the moral equivalent of command-line arguments needs to be performed inside the script. If you cannot modify it, write a wrapper which does the transformation and then invokes the real script with the command-line arguments it expects.
Side note: not all browsers allow you to execute shell commands through javascript (and enabling this is really dangerous). The only way javascript can ask for safe execution is on server-side using ajax -- this is used to make really dynamic pages which don't need page reload to retrieve information.
Simple javascript "ajax" call to the script using "GET" worked. Command line arguments come in in the env variable $QUERY_STRING. I find it hard to write a command line input parser so I might have to go back to my old way of doing things.
Shell script is kind of brittle when it comes to proper quoting of user-specified arguments etc so you need to be really careful here. Perhaps wrapping the call in PHP is not such a bad idea (although PHP too has a bit of a track record when it comes to security problems .... /me ducks) and make really really sure you use proper quoting everywhere in the script and in everything which invokes it. And keep in mind that security checks in JavaScript are ineffective; somebody could simply be connecting directly to the CGI script, without going through your form (or with JavaScript disabled).
As such, it's not very hard to split on & with IFS='&'. IFS=& query_string - Google Search brings up some matches but I would regard all of them with extreme suspicion. If you see a variable interpolation without double quotes around it, run away.
Parse query function - IT Community looks like it's rather competently coded, although it's Bash only. Actually seems like it's probably one of our members who submitted it -- cfajohnson
Fantastic. Yeah security is something that needs alot of thought I think. I haev a nice safesql php class that I use to make sql queries in php, its very nice. I would love to have / find a safe javascript -> shell script caller, that does all the escaping etc..