On Thu, Nov 10, 2011 at 15:19, Rui Hirokawa <hirok...@php.net> wrote: > hirokawa Thu, 10 Nov 2011 14:19:06 +0000 > > Revision: http://svn.php.net/viewvc?view=revision&revision=318996 > > Log: > MFH: fixed bug #60116 (escapeshellcmd() cannot escape the characters which > cause shell command injection). > > Bug: https://bugs.php.net/60116 (error getting bug information) > > Changed paths: > U php/php-src/branches/PHP_5_4/NEWS > U php/php-src/branches/PHP_5_4/ext/standard/exec.c > A > php/php-src/branches/PHP_5_4/ext/standard/tests/general_functions/bug60116.phpt > > Modified: php/php-src/branches/PHP_5_4/NEWS > =================================================================== > --- php/php-src/branches/PHP_5_4/NEWS 2011-11-10 14:12:48 UTC (rev 318995) > +++ php/php-src/branches/PHP_5_4/NEWS 2011-11-10 14:19:06 UTC (rev 318996) > @@ -24,8 +24,10 @@ > . Fixed bug #60169 (Conjunction of ternary and list crashes PHP). > (Laruence) > . Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to > - is_a and is_subclass_of). (alan_k) > - > + is_a and is_subclass_of). (alan_k) > + . Fixed bug #60116 (escapeshellcmd() cannot escape the characters > + which cause shell command injection). (rui)
This is the wrong section, rc1 has been release already so this entry belongs at the top of the file, under rc2 -Hannes -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
