hirokawa                                 Sun, 30 Oct 2011 05:57:26 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=318568

Log:
added a test script for bug60116 and fixed behavior of ESCAPE_CMD_END.

Bug: https://bugs.php.net/60116 (To be documented) escapeshellcmd() cannot 
escape the chars which causes shell injection.
      
Changed paths:
    U   php/php-src/trunk/ext/standard/exec.c
    A   php/php-src/trunk/ext/standard/tests/general_functions/bug60116.phpt

Modified: php/php-src/trunk/ext/standard/exec.c
===================================================================
--- php/php-src/trunk/ext/standard/exec.c       2011-10-30 01:45:29 UTC (rev 
318567)
+++ php/php-src/trunk/ext/standard/exec.c       2011-10-30 05:57:26 UTC (rev 
318568)
@@ -280,7 +280,7 @@
                                        cmd[y++] = '\\';
                                        cmd[y++] = str[x];
                                } else if (flag == ESCAPE_CMD_END) {
-                                       if (x == 0 || x == l - 1) {
+                                       if ((x == 0 || x == l - 1) && (str[0] 
== str[l-1])) {
                                                cmd[y++] = str[x];
                     } else {
                         cmd[y++] = '\\';
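Review bot: The new guard on the `+` line still passes a lone quote character through unescaped: for a one-byte input, `x == 0`, `x == l - 1` and `str[0] == str[l-1]` all hold at once, so an unpaired `'` or `"` is copied to the output verbatim, which is exactly the unbalanced-quote result the bug report is about. Requiring at least two characters closes that gap: `if (l > 1 && (x == 0 || x == l - 1) && str[0] == str[l - 1]) {`, with a comment such as `/* keep a matching leading/trailing quote pair intact; escape every other quote */` so the intent of the byte comparison is clear. The `l - 1` expression assumes `l` is at least 1 when this branch runs; if `l` is unsigned and the loop can execute with `l == 0` it would wrap, which I cannot confirm from the hunk. The enclosing function (presumably php_escape_shell_cmd) starts and ends outside this hunk.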

Added: php/php-src/trunk/ext/standard/tests/general_functions/bug60116.phpt
===================================================================
--- php/php-src/trunk/ext/standard/tests/general_functions/bug60116.phpt        
                        (rev 0)
+++ php/php-src/trunk/ext/standard/tests/general_functions/bug60116.phpt        
2011-10-30 05:57:26 UTC (rev 318568)
@@ -0,0 +1,160 @@
+--TEST--
+Test escapeshellcmd() to escape the quotation
+--SKIPIF--
+<?php
+if( substr(PHP_OS, 0, 3) == 'WIN' ) {
+   die('skip...Invalid for Windows');
+}
+?>
+--FILE--
+<?php
+echo "*** Testing escapeshellcmd() escape the quotation ***\n";
+$data = array(
+       '"abc',
+       "'abc",
+       '?<>',
+       '()[]{}$',
+       '%^',
+       '#&;`|*?',
+       '~<>\\',
+       '%NOENV%',
+       "abc' 'def",
+       'abc" "def',
+       "'abc def'",
+       '"abc def"',
+);
+
+echo "case: default\n";
+
+$count = 1;
+foreach ($data AS $value) {
+       echo "-- Test " . $count++ . " --\n";
+       var_dump(escapeshellcmd($value));
+}
+
+echo "case: ESCAPE_CMD_PAIR\n";
+$count = 1;
+foreach ($data AS $value) {
+       echo "-- Test " . $count++ . " --\n";
+       var_dump(escapeshellcmd($value, ESCAPE_CMD_PAIR));
+}
+
+echo "case: ESCAPE_CMD_END\n";
+$count = 1;
+foreach ($data AS $value) {
+       echo "-- Test " . $count++ . " --\n";
+       var_dump(escapeshellcmd($value, ESCAPE_CMD_END));
+}
+
+echo "case: ESCAPE_CMD_ALL\n";
+$count = 1;
+foreach ($data AS $value) {
+       echo "-- Test " . $count++ . " --\n";
+       var_dump(escapeshellcmd($value, ESCAPE_CMD_ALL));
+}
+
+echo "Done\n";
+?>
+--EXPECTF--
+*** Testing escapeshellcmd() escape the quotation ***
+case: default
+-- Test 1 --
+string(5) "\"abc"
+-- Test 2 --
+string(5) "\'abc"
+-- Test 3 --
+string(6) "\?\<\>"
+-- Test 4 --
+string(14) "\(\)\[\]\{\}\$"
+-- Test 5 --
+string(3) "%\^"
+-- Test 6 --
+string(14) "\#\&\;\`\|\*\?"
+-- Test 7 --
+string(8) "\~\<\>\\"
+-- Test 8 --
+string(7) "%NOENV%"
+-- Test 9 --
+string(9) "abc' 'def"
+-- Test 10 --
+string(9) "abc" "def"
+-- Test 11 --
+string(9) "'abc def'"
+-- Test 12 --
+string(9) ""abc def""
+case: ESCAPE_CMD_PAIR
+-- Test 1 --
+string(5) "\"abc"
+-- Test 2 --
+string(5) "\'abc"
+-- Test 3 --
+string(6) "\?\<\>"
+-- Test 4 --
+string(14) "\(\)\[\]\{\}\$"
+-- Test 5 --
+string(3) "%\^"
+-- Test 6 --
+string(14) "\#\&\;\`\|\*\?"
+-- Test 7 --
+string(8) "\~\<\>\\"
+-- Test 8 --
+string(7) "%NOENV%"
+-- Test 9 --
+string(9) "abc' 'def"
+-- Test 10 --
+string(9) "abc" "def"
+-- Test 11 --
+string(9) "'abc def'"
+-- Test 12 --
+string(9) ""abc def""
+case: ESCAPE_CMD_END
+-- Test 1 --
+string(5) "\"abc"
+-- Test 2 --
+string(5) "\'abc"
+-- Test 3 --
+string(6) "\?\<\>"
+-- Test 4 --
+string(14) "\(\)\[\]\{\}\$"
+-- Test 5 --
+string(3) "%\^"
+-- Test 6 --
+string(14) "\#\&\;\`\|\*\?"
+-- Test 7 --
+string(8) "\~\<\>\\"
+-- Test 8 --
+string(7) "%NOENV%"
+-- Test 9 --
+string(11) "abc\' \'def"
+-- Test 10 --
+string(11) "abc\" \"def"
+-- Test 11 --
+string(9) "'abc def'"
+-- Test 12 --
+string(9) ""abc def""
+case: ESCAPE_CMD_ALL
+-- Test 1 --
+string(5) "\"abc"
+-- Test 2 --
+string(5) "\'abc"
+-- Test 3 --
+string(6) "\?\<\>"
+-- Test 4 --
+string(14) "\(\)\[\]\{\}\$"
+-- Test 5 --
+string(3) "%\^"
+-- Test 6 --
+string(14) "\#\&\;\`\|\*\?"
+-- Test 7 --
+string(8) "\~\<\>\\"
+-- Test 8 --
+string(7) "%NOENV%"
+-- Test 9 --
+string(11) "abc\' \'def"
+-- Test 10 --
+string(11) "abc\" \"def"
+-- Test 11 --
+string(11) "\'abc def\'"
+-- Test 12 --
+string(11) "\"abc def\""
+Done
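Review bot: The `$data` set does not cover the boundary the exec.c change introduces: there is no one-character input such as `"'"` or `'"'`, where x == 0 and x == l - 1 coincide, and no string whose first and last characters match but which holds a further quote in between (e.g. `"'a'b'"`), so the ESCAPE_CMD_END and ESCAPE_CMD_ALL expectations cannot tell a correct pair check from one that leaks a lone quote. Adding those entries to `$data` together with the corresponding `--EXPECTF--` lines for all four cases would pin the intended behaviour; the expected values for the default and ESCAPE_CMD_PAIR cases follow the existing pattern (every quote escaped). Minor style: `foreach ($data AS $value)` uses an upper-case keyword unlike the rest of the file; `as` is the conventional form.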


Property changes on: 
php/php-src/trunk/ext/standard/tests/general_functions/bug60116.phpt
___________________________________________________________________
Added: svn:keywords
   + Id Rev Revision
Added: svn:eol-style
   + native
