Are there any security concerns when using exec to call wget on a server?

When using exec to call wget on a server, there is a potential security concern if user input is directly passed to the command without proper sanitization. This can lead to command injection attacks where malicious commands are executed. To mitigate this risk, it is important to validate and sanitize user input before passing it to exec.

$url = "https://example.com/file.txt";

// Validate and sanitize the URL input
if (filter_var($url, FILTER_VALIDATE_URL)) {
    // Use escapeshellarg to escape any special characters in the URL
    $command = "wget " . escapeshellarg($url);
    
    // Execute the command
    exec($command);
} else {
    // Handle invalid input
    echo "Invalid URL";
}