ID: 44801 Updated by: [EMAIL PROTECTED] Reported By: twm at twmacinta dot com -Status: Open +Status: Feedback Bug Type: CGI related Operating System: Red Hat Enterprise Linux ES 3 PHP Version: 5.2.5 Assigned To: fb-req-jani New Comment:
Next obvious question is: How did you build PHP? ie. What configure line, etc. Also to eliminate every last moving parts: run the script like this: # php -n script.php Previous Comments: ------------------------------------------------------------------------ [2008-04-24 17:23:47] twm at twmacinta dot com Good idea. I modified my test script as suggested. Here's the output on RHEL3 with the CVS snapshot php5.2-20080423123: ---- Before: 'Tim'\''s Test' After: sh: line 1: /var/tmp2/php5_take2/targ/bin/Tim\s: No such file or directory ---- In case you're wondering about the path, I set "./configure --prefix" to "/var/tmp2/php5_take2/targ" so that I could install it there and test it before overwriting my old PHP 4 installation. PHP 4 on the same machine gives the same output as above, except that it's the usual "/usr/bin/" path. For comparison, here's the output on my other RHEL3 server which has the latest, default version of PHP 4.3 from Red Hat: ---- Before: 'Tim'\''s Test' After: sh: line 1: /usr/bin/'Tim'\''s: No such file or directory ---- I also ran the revised test on Mac OS X 10.5, which has PHP 5.2.5, to get what is the correct output (i.e., what you got): ---- Before: 'Tim'\''s Test' After: sh: Tim's Test: command not found ---- ------------------------------------------------------------------------ [2008-04-24 11:09:06] [EMAIL PROTECTED] ]$ php t.php Before: 'Tim'\''s Test' After: Tim's Test So it works fine using latest CVS (for me). You're using /bin/echo there, what if you simply do this: <?php header("Content-Type: text/plain"); $textEscaped = escapeshellarg("Tim's Test"); print("Before: {$textEscaped}\n"); print("After: "); passthru($textEscaped); ?> That would eliminate one "moving part" here.. Just check the resulting error message what it has. :) ------------------------------------------------------------------------ [2008-04-23 14:13:55] twm at twmacinta dot com Thank you for the fast reply. I have tried the latest CVS snapshot (php5.2-200804231230) and I still get the same incorrect output. It sounds like some library in RHEL3 which PHP uses is behaving differently than on newer platforms. If it helps, I have another server running the same version of RHEL3 which has the default version of PHP still on it (updated via 'up2date'), rather than one that I compiled. I know you don't support PHP 4.3 any longer, I'm just pointing it out in case it helps to know that this test case has been broken on RHEL3 for awhile, it's not a problem unique to my compiled version, and the problem didn't just appear in PHP 5.2. I do get slightly different output there, but it is still incorrect. ------------------------------------------------------------------------ [2008-04-23 00:58:25] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5.2-latest.tar.gz For Windows (zip): http://snaps.php.net/win32/php5.2-win32-latest.zip For Windows (installer): http://snaps.php.net/win32/php5.2-win32-installer-latest.msi This looks has been fixed. Works fine for me using 5.2.6-RC4. ------------------------------------------------------------------------ [2008-04-22 19:16:55] twm at twmacinta dot com Description: ------------ When I run a PHP script which uses passthru() to execute a command with characters that need escaping, the escaping is incorrect when the script is run from the command line, but it is fine when the script is run from within Apache. This was causing the script "ext/standard/tests/file/bug22414.phpt" to fail when I attempted to run "make test" after building PHP 5.2.5 on RHEL3. I have created a simplified script for this report to demonstrate the problem, though I will note that I can also reproduce it reliably with "bug22414.phpt". I should mention that I also tried my test script from the command line in Mac OS X 10.5 running PHP 5.2.5 and Ubuntu 7.10 running PHP 5.2.3 and it worked correctly in both cases. So, my suspicion is that there is an older library on RHEL3 which is causing the parsing the be incorrect. It passes all the requirements checks made by './configure', though. I ran the test code below using the '-n' option to PHP so as to eliminate my "php.ini" as the problem. Reproduce code: --------------- header("Content-Type: text/plain"); $textEscaped = escapeshellarg("Tim's Test"); print("Before: {$textEscaped}\n"); print("After: "); passthru("/bin/echo {$textEscaped}"); Expected result: ---------------- Before: 'Tim'\''s Test' After: Tim's Test Actual result: -------------- Before: 'Tim'\''s Test' After: Tim\s Test' ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=44801&edit=1