ID: 40030 Updated by: [EMAIL PROTECTED] Reported By: admin at digibase dot ca -Status: Open +Status: Feedback Bug Type: Scripting Engine problem Operating System: Linux PHP Version: 5.2.1RC2 New Comment:
Thank you for this bug report. To properly diagnose the problem, we need a short but complete example script to be able to reproduce this bug ourselves. A proper reproducing script starts with <?php and ends with ?>, is max. 10-20 lines long and does not require any external resources such as databases, etc. If the script requires a database to demonstrate the issue, please make sure it creates all necessary tables, stored procedures etc. Please avoid embedding huge scripts into the report. passing `rm` to escapeshellarg() encloses the text in single quotes, preventing it from being executed. Previous Comments: ------------------------------------------------------------------------ [2007-01-05 11:38:51] admin at digibase dot ca I was unclear on the situation - This is code being executed from IRC via the CLI, when someone per-se says "status `rm`" it actually tries doing that specific code. ------------------------------------------------------------------------ [2007-01-05 11:36:08] admin at digibase dot ca Description: ------------ Whenever I attempt to escape any code, backticks still execute without a problem - whenever I execute it from the CLI (Where I want it to execute from), it accepts injection no matter WHAT I do It seems as if there's only one way to disable this, which is enable safe mode, however, that presents problems, it disables functions I want enabled and causes problems on the webserver attached. Reproduce code: --------------- $text = escapeshellarg(escapeshellcmd(strtolower($text))); Expected result: ---------------- Filter out and prevent injection of arbitary code while sending the clean text on for processing in an if/elseif/else tree Actual result: -------------- When run like php ./script status && `rm` rm actually decides to run. not under privledges but it can cause damage ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=40030&edit=1
