In netuse.lists.bugtraq you write:
> Right... Your patch seems to work only with php-3.0.12.
> I attach modified version for php-3.0.13.
Actually, my patch is against the current CVS of PHP and the
diff I posted was being generated directly from the CVS. Get
yourself a copy of current PHP directly from the CVS and all is
well.
>@@ -601,6 +602,11 @@
>
>snprintf(buf,sizeof(buf),"%s/%s",php3_ini.safe_mode_exec_dir,arg1->value.str.val);
> }
> fp = popen(buf,p);
>+
>+ tmp = _php3_escapeshellcmd(buf);
>+ fp = popen(tmp,p);
>+ efree(tmp); /* temporary copy, no longer necessary */
>+
Your patch does popen twice and the first popen() is unescaped.
This is broken and should not be used. Again, please use the CVS
to get a properly patched version of PHP or wait for the bugfix
release of PHP which will be out RSN.
Kristian
