ID: 49446
User updated by: heromantor at users dot sourceforge dot net
Reported By: heromantor at users dot sourceforge dot net
Status: Open
Bug Type: CGI related
Operating System: windows xp sp2
PHP Version: 5.2.10
New Comment:
oh sorry, i post invalid patch.
this ok:
--- exec.c Wed Sep 2 23:44:19 2009
+++ exec_fixed.c Wed Sep 2 23:44:41 2009
@@ -343,7 +343,7 @@
*/
PHPAPI char *php_escape_shell_arg(char *str)
{
- int x, y = 0, l = strlen(str);
+ int x, y = 0, j, l = strlen(str);
char *cmd;
size_t estimate = (4 * l) + 3;
@@ -352,6 +352,11 @@
cmd = safe_emalloc(4, l, 3); /* worst case */
#ifdef PHP_WIN32
+# define PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES() \
+ for(j = y - 1; j > 0 && cmd[j] == '\\'; --j) { \
+ cmd[y++] = '\\'; \
+ }
+
cmd[y++] = '"';
#else
cmd[y++] = '\'';
@@ -372,10 +377,16 @@
switch (str[x]) {
#ifdef PHP_WIN32
- case '"':
- case '%':
- cmd[y++] = ' ';
- break;
+ case '%':
+ PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES()
+ cmd[y++] = '"';
+ cmd[y++] = '%';
+ cmd[y++] = '"';
+ break;
+ case '"':
+ PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES()
+ cmd[y++] = '"';
+ /* fall-through */
#else
case '\'':
cmd[y++] = '\'';
@@ -388,6 +399,9 @@
}
}
#ifdef PHP_WIN32
+ PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES()
+# undef PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES
+
cmd[y++] = '"';
#else
cmd[y++] = '\'';
Previous Comments:
------------------------------------------------------------------------
[2009-09-02 23:10:52] heromantor at users dot sourceforge dot net
Description:
------------
escapeshellarg function dosn`t work properly on windows platform.
Problem in " \ and % chars handling.
this patch fix this problem
--- exec.c Wed Sep 2 22:41:27 2009
+++ exec_fixed.c Wed Sep 2 22:40:50 2009
@@ -352,6 +352,11 @@
cmd = safe_emalloc(4, l, 3); /* worst case */
#ifdef PHP_WIN32
+# define PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES() \
+ for(j = y - 1; j > 0 && cmd[j] == '\\'; --j) { \
+ cmd[y++] = '\\'; \
+ }
+
cmd[y++] = '"';
#else
cmd[y++] = '\'';
@@ -372,10 +377,16 @@
switch (str[x]) {
#ifdef PHP_WIN32
- case '"':
- case '%':
- cmd[y++] = ' ';
- break;
+ case '%':
+ PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES()
+ cmd[y++] = '"';
+ cmd[y++] = '%';
+ cmd[y++] = '"';
+ break;
+ case '"':
+ PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES()
+ cmd[y++] = '"';
+ /* fall-through */
#else
case '\'':
cmd[y++] = '\'';
@@ -388,6 +399,9 @@
}
}
#ifdef PHP_WIN32
+ PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES()
+# undef PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES
+
cmd[y++] = '"';
#else
cmd[y++] = '\'';
and some test cases
P A T H => "P A T H"
%PATH% => ""%"PATH"%""
a%PATH%b => "a"%"PATH"%"b"
%%PATH%% => ""%""%"PATH"%""%""
"PATH" => """PATH"""
"%PATH%" => """"%"PATH"%""""
\P\A\T\H => "\P\A\T\H"
\P\A\T\H\ => "\P\A\T\H\\"
\%\%\ => "\\"%"\\"%"\\"
a\\%b\\c%\\ => "a\\\\"%"b\\c"%"\\\\"
"a\" => """a\\"""
a\" => "a\\"""
a\"^|^&^(^) => "a\\""^|^&^(^)"
PATH\%\ => "PATH\\"%"\\"
Reproduce code:
---------------
<?php
print_r(escapeshellarg("%PATH%") . PHP_EOL);
print_r(escapeshellarg("c:\\temp\\") . PHP_EOL);
print_r(escapeshellarg('\\"') . PHP_EOL);
Expected result:
----------------
""%"PATH"%""
"c:\temp\\"
"\\"""
Actual result:
--------------
" PATH "
"c:\temp\"
"\ "
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=49446&edit=1
