ID: 43261
Updated by: [EMAIL PROTECTED]
Reported By: RQuadling at GMail dot com
-Status: Closed
+Status: Assigned
Bug Type: Unknown/Other Function
Operating System: Windows XP SP2
PHP Version: 5.3CVS-2007-11-12 (snap)
-Assigned To:
+Assigned To: pajoye
Previous Comments:
------------------------------------------------------------------------
[2008-06-10 10:20:14] [EMAIL PROTECTED]
Actually Scott fixed this without marking it as fixed =)
------------------------------------------------------------------------
[2008-06-10 10:12:54] [EMAIL PROTECTED]
Well if nobody else wanna apply it, then Ill take it =)
------------------------------------------------------------------------
[2008-05-30 09:35:31] RQuadling at GMail dot com
Gee. Even with a patch, how do I get anyone to pay any attention!?
------------------------------------------------------------------------
[2007-11-12 13:39:29] RQuadling at GMail dot com
Description:
------------
The windows version of escapeshellcmd replaces any of the special
characters with a space, whereas, on other platforms it escapes them.
There is a valid escape character for windows. It is the ^ character.
Taking the current set of type-able characters from exec.c, the
following is a proof of the ^ working ...
2007/11/12 13:22:42 V:\PHP\PHP5>echo foo ^' bar
foo ' bar
2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^" bar
foo " bar
2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^# bar
foo # bar
2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^$ bar
foo $ bar
2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^% bar
foo % bar
2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^& bar
foo & bar
2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^( bar
foo ( bar
2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^) bar
foo ) bar
2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^* bar
foo * bar
2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^; bar
foo ; bar
2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^? bar
foo ? bar
2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^[ bar
foo [ bar
2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^\ bar
foo \ bar
2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^] bar
foo ] bar
2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^^ bar
foo ^ bar
2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^` bar
foo ` bar
2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^{ bar
foo { bar
2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^| bar
foo | bar
2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^} bar
foo } bar
2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^~ bar
foo ~ bar
2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^< bar
foo < bar
2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^> bar
foo > bar
I can't easily emulate 0xA0 and 0xFF in this test.
I've included a patch also ...
Index: exec.c
===================================================================
RCS file: /repository/php-src/ext/standard/exec.c,v
retrieving revision 1.125
diff -u -r1.125 exec.c
--- exec.c 5 Nov 2007 14:06:19 -0000 1.125
+++ exec.c 12 Nov 2007 13:13:09 -0000
@@ -291,13 +291,12 @@
case '\\':
case '\x0A': /* excluding these two */
case '\xFF':
-#ifdef PHP_WIN32
- /* since Windows does not allow us to escape these
chars, just
remove them */
case '%':
- cmd[y++] = ' ';
- break;
-#endif
+#ifdef PHP_WIN32
+ cmd[y++] = '^';
+#else
cmd[y++] = '\\';
+#endif
/* fall-through */
default:
cmd[y++] = str[x];
http://rquadling.php1h.com/exec.c.patch.txt
Reproduce code:
---------------
php -r "exec(escapeshellcmd('echo foo | bar'), $a, $b); var_dump($a,
$b);"
Expected result:
----------------
array(1) {
[0]=>
string(10) "foo ^| bar"
}
int(0)
Actual result:
--------------
array(1) {
[0]=>
string(9) "foo bar"
}
int(0)
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=43261&edit=1
