hirokawa Sun, 30 Oct 2011 05:57:26 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=318568
Log: added a test script for bug60116 and fixed behabior of ESCAPE_CMD_END. Bug: https://bugs.php.net/60116 (To be documented) escapeshellcmd() cannot escape the chars which causes shell injection.
Changed paths:
U php/php-src/trunk/ext/standard/exec.c
A php/php-src/trunk/ext/standard/tests/general_functions/bug60116.phpt
Modified: php/php-src/trunk/ext/standard/exec.c
===================================================================
--- php/php-src/trunk/ext/standard/exec.c 2011-10-30 01:45:29 UTC (rev 318567)
+++ php/php-src/trunk/ext/standard/exec.c 2011-10-30 05:57:26 UTC (rev 318568)
@@ -280,7 +280,7 @@
 cmd[y++] = '\\';
 cmd[y++] = str[x];
 } else if (flag == ESCAPE_CMD_END) {
- if (x == 0 || x == l - 1) {
+ if ((x == 0 || x == l - 1) && (str[0] == str[l-1])) {
 cmd[y++] = str[x];
 } else {
 cmd[y++] = '\\';
Added: php/php-src/trunk/ext/standard/tests/general_functions/bug60116.phpt
===================================================================
--- php/php-src/trunk/ext/standard/tests/general_functions/bug60116.phpt (rev 0)
+++ php/php-src/trunk/ext/standard/tests/general_functions/bug60116.phpt 2011-10-30 05:57:26 UTC (rev 318568)
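Review bot: The new guard on the `+` line leaves a quote bare when it sits at either end and `str[0] == str[l-1]`, but for a one-byte input both sides of that comparison are the same byte, so a lone `'` or `"` is emitted as an unbalanced quote rather than `\'`; check the length first, `if (l > 1 && (x == 0 || x == l - 1) && str[0] == str[l - 1]) {`. Comparing only the first and last bytes also cannot tell one enclosing pair from two unrelated quotes such as `'a' b 'c'`, and an inner quote of the same kind is still backslash-escaped, which a POSIX shell does not honour inside a single-quoted region, so the shell sees a malformed string rather than the intended literal. A comment on the branch stating the assumption would at least make the contract explicit: `/* ESCAPE_CMD_END: only a single enclosing pair of identical quotes is left bare */`. The enclosing loop and the branch that selects quote characters start before this hunk, so I cannot confirm from here that this path is reached only for `'` and `"`.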
@@ -0,0 +1,160 @@
+--TEST--
+Test escapeshellcmd() to escape the quotation
+--SKIPIF--
+<?php
+if( substr(PHP_OS, 0, 3) == 'WIN' ) {
+ die('skip...Invalid for Windows');
+}
+?>
+--FILE--
+<?php
+echo "*** Testing escapeshellcmd() escape the quotation ***\n";
+$data = array(
+ '"abc',
+ "'abc",
+ '?<>',
+ '()[]{}$',
+ '%^',
+ '#&;`|*?',
+ '~<>\\',
+ '%NOENV%',
+ "abc' 'def",
+ 'abc" "def',
+ "'abc def'",
+ '"abc def"',
+);
+
+echo "case: default\n";
+
+$count = 1;
+foreach ($data AS $value) {
+ echo "-- Test " . $count++ . " --\n";
+ var_dump(escapeshellcmd($value));
+}
+
+echo "case: ESCAPE_CMD_PAIR\n";
+$count = 1;
+foreach ($data AS $value) {
+ echo "-- Test " . $count++ . " --\n";
+ var_dump(escapeshellcmd($value, ESCAPE_CMD_PAIR));
+}
+
+echo "case: ESCAPE_CMD_END\n";
+$count = 1;
+foreach ($data AS $value) {
+ echo "-- Test " . $count++ . " --\n";
+ var_dump(escapeshellcmd($value, ESCAPE_CMD_END));
+}
+
+echo "case: ESCAPE_CMD_ALL\n";
+$count = 1;
+foreach ($data AS $value) {
+ echo "-- Test " . $count++ . " --\n";
+ var_dump(escapeshellcmd($value, ESCAPE_CMD_ALL));
+}
+
+echo "Done\n";
+?>
+--EXPECTF--
+*** Testing escapeshellcmd() escape the quotation ***
+case: default
+-- Test 1 --
+string(5) "\"abc"
+-- Test 2 --
+string(5) "\'abc"
+-- Test 3 --
+string(6) "\?\<\>"
+-- Test 4 --
+string(14) "\(\)\[\]\{\}\$"
+-- Test 5 --
+string(3) "%\^"
+-- Test 6 --
+string(14) "\#\&\;\`\|\*\?"
+-- Test 7 --
+string(8) "\~\<\>\\"
+-- Test 8 --
+string(7) "%NOENV%"
+-- Test 9 --
+string(9) "abc' 'def"
+-- Test 10 --
+string(9) "abc" "def"
+-- Test 11 --
+string(9) "'abc def'"
+-- Test 12 --
+string(9) ""abc def""
+case: ESCAPE_CMD_PAIR
+-- Test 1 --
+string(5) "\"abc"
+-- Test 2 --
+string(5) "\'abc"
+-- Test 3 --
+string(6) "\?\<\>"
+-- Test 4 --
+string(14) "\(\)\[\]\{\}\$"
+-- Test 5 --
+string(3) "%\^"
+-- Test 6 --
+string(14) "\#\&\;\`\|\*\?"
+-- Test 7 --
+string(8) "\~\<\>\\"
+-- Test 8 --
+string(7) "%NOENV%"
+-- Test 9 --
+string(9) "abc' 'def"
+-- Test 10 --
+string(9) "abc" "def"
+-- Test 11 --
+string(9) "'abc def'"
+-- Test 12 --
+string(9) ""abc def""
+case: ESCAPE_CMD_END
+-- Test 1 --
+string(5) "\"abc"
+-- Test 2 --
+string(5) "\'abc"
+-- Test 3 --
+string(6) "\?\<\>"
+-- Test 4 --
+string(14) "\(\)\[\]\{\}\$"
+-- Test 5 --
+string(3) "%\^"
+-- Test 6 --
+string(14) "\#\&\;\`\|\*\?"
+-- Test 7 --
+string(8) "\~\<\>\\"
+-- Test 8 --
+string(7) "%NOENV%"
+-- Test 9 --
+string(11) "abc\' \'def"
+-- Test 10 --
+string(11) "abc\" \"def"
+-- Test 11 --
+string(9) "'abc def'"
+-- Test 12 --
+string(9) ""abc def""
+case: ESCAPE_CMD_ALL
+-- Test 1 --
+string(5) "\"abc"
+-- Test 2 --
+string(5) "\'abc"
+-- Test 3 --
+string(6) "\?\<\>"
+-- Test 4 --
+string(14) "\(\)\[\]\{\}\$"
+-- Test 5 --
+string(3) "%\^"
+-- Test 6 --
+string(14) "\#\&\;\`\|\*\?"
+-- Test 7 --
+string(8) "\~\<\>\\"
+-- Test 8 --
+string(7) "%NOENV%"
+-- Test 9 --
+string(11) "abc\' \'def"
+-- Test 10 --
+string(11) "abc\" \"def"
+-- Test 11 --
+string(11) "\'abc def\'"
+-- Test 12 --
+string(11) "\"abc def\""
+Done
Property changes on: php/php-src/trunk/ext/standard/tests/general_functions/bug60116.phpt
___________________________________________________________________
Added: svn:keywords + Id Rev Revision
Added: svn:eol-style + native
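Review bot: The `$data` array never feeds the inputs that the new `str[0] == str[l-1]` comparison in exec.c is most sensitive to: a lone quote (`"'"`), a string whose two ends are different quote characters (`"'abc\""`), and an enclosing pair with an inner quote of the same kind (`"'abc' x 'def'"`); Test 2 (`'abc`, expected `\'abc` under ESCAPE_CMD_END) is the only case that distinguishes the fixed condition from the old one. Adding those three entries and their expected strings in the ESCAPE_CMD_END and ESCAPE_CMD_ALL sections would pin whether a bare lone quote and a backslash-escaped inner quote inside a quoted pair are the intended output or a leftover to fix. The --TEST-- line should also follow the usual phpt convention of naming the ticket, `Bug #60116 (escapeshellcmd() cannot escape the chars which causes shell injection)`, so the test can be found from the bug.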