ID: 44801
Updated by: [EMAIL PROTECTED]
Reported By: twm at twmacinta dot com
-Status: Open
+Status: Feedback
Bug Type: CGI related
Operating System: Red Hat Enterprise Linux ES 3
PHP Version: 5.2.5
Assigned To: fb-req-jani
New Comment:
Next obvious question is: How did you build PHP? ie. What configure
line, etc. Also to eliminate every last moving parts: run the script
like this:
# php -n script.php
Previous Comments:
------------------------------------------------------------------------
[2008-04-24 17:23:47] twm at twmacinta dot com
Good idea. I modified my test script as suggested. Here's the output
on RHEL3 with the CVS snapshot php5.2-20080423123:
----
Before: 'Tim'\''s Test'
After: sh: line 1: /var/tmp2/php5_take2/targ/bin/Tim\s: No such file or
directory
----
In case you're wondering about the path, I set "./configure --prefix"
to "/var/tmp2/php5_take2/targ" so that I could install it there and test
it before overwriting my old PHP 4 installation. PHP 4 on the same
machine gives the same output as above, except that it's the usual
"/usr/bin/" path.
For comparison, here's the output on my other RHEL3 server which has
the latest, default version of PHP 4.3 from Red Hat:
----
Before: 'Tim'\''s Test'
After: sh: line 1: /usr/bin/'Tim'\''s: No such file or directory
----
I also ran the revised test on Mac OS X 10.5, which has PHP 5.2.5, to
get what is the correct output (i.e., what you got):
----
Before: 'Tim'\''s Test'
After: sh: Tim's Test: command not found
----
------------------------------------------------------------------------
[2008-04-24 11:09:06] [EMAIL PROTECTED]
]$ php t.php
Before: 'Tim'\''s Test'
After: Tim's Test
So it works fine using latest CVS (for me).
You're using /bin/echo there, what if you simply do this:
<?php
header("Content-Type: text/plain");
$textEscaped = escapeshellarg("Tim's Test");
print("Before: {$textEscaped}\n");
print("After: ");
passthru($textEscaped);
?>
That would eliminate one "moving part" here..
Just check the resulting error message what it has. :)
------------------------------------------------------------------------
[2008-04-23 14:13:55] twm at twmacinta dot com
Thank you for the fast reply. I have tried the latest CVS snapshot
(php5.2-200804231230) and I still get the same incorrect output. It
sounds like some library in RHEL3 which PHP uses is behaving differently
than on newer platforms.
If it helps, I have another server running the same version of RHEL3
which has the default version of PHP still on it (updated via
'up2date'), rather than one that I compiled. I know you don't support
PHP 4.3 any longer, I'm just pointing it out in case it helps to know
that this test case has been broken on RHEL3 for awhile, it's not a
problem unique to my compiled version, and the problem didn't just
appear in PHP 5.2. I do get slightly different output there, but it is
still incorrect.
------------------------------------------------------------------------
[2008-04-23 00:58:25] [EMAIL PROTECTED]
Please try using this CVS snapshot:
http://snaps.php.net/php5.2-latest.tar.gz
For Windows (zip):
http://snaps.php.net/win32/php5.2-win32-latest.zip
For Windows (installer):
http://snaps.php.net/win32/php5.2-win32-installer-latest.msi
This looks has been fixed. Works fine for me using 5.2.6-RC4.
------------------------------------------------------------------------
[2008-04-22 19:16:55] twm at twmacinta dot com
Description:
------------
When I run a PHP script which uses passthru() to execute a command with
characters that need escaping, the escaping is incorrect when the script
is run from the command line, but it is fine when the script is run from
within Apache. This was causing the script
"ext/standard/tests/file/bug22414.phpt" to fail when I attempted to run
"make test" after building PHP 5.2.5 on RHEL3. I have created a
simplified script for this report to demonstrate the problem, though I
will note that I can also reproduce it reliably with "bug22414.phpt".
I should mention that I also tried my test script from the command line
in Mac OS X 10.5 running PHP 5.2.5 and Ubuntu 7.10 running PHP 5.2.3 and
it worked correctly in both cases. So, my suspicion is that there is an
older library on RHEL3 which is causing the parsing the be incorrect.
It passes all the requirements checks made by './configure', though.
I ran the test code below using the '-n' option to PHP so as to
eliminate my "php.ini" as the problem.
Reproduce code:
---------------
header("Content-Type: text/plain");
$textEscaped = escapeshellarg("Tim's Test");
print("Before: {$textEscaped}\n");
print("After: ");
passthru("/bin/echo {$textEscaped}");
Expected result:
----------------
Before: 'Tim'\''s Test'
After: Tim's Test
Actual result:
--------------
Before: 'Tim'\''s Test'
After: Tim\s Test'
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=44801&edit=1
