From:             [EMAIL PROTECTED]
Operating system: Unix
PHP version:      4.0.6
PHP Bug Type:     Program Execution
Bug description:  Command line arguments escaped magically and out of control

4.0.6 (safe mode), Apache 1.3.20, running as server module, under Solaris
8/Sparc

When passing arguments to an executable with either exec(), system() or
passthru(), special shell characters are escaped automatically, and I have
no control over it.  As a result, I am unable to pass to the executable a
parameter containing white space (such as a file name with spaces), because
I cannot surround it with quotes or backslash the spaces (the automatic
escaping protects the quotes or backslash from the shell).

Another consequence is that I cannot use shell redirection symbols (e.g.
2>&1): they get escaped, too, and the executable receives the string "2>&1"
as one of its parameters.

If I use escapeshellarg() for each argument (as I should), the single
quotes, put around the argument by that function, are passed over as part
of the argument.  For example:

$arg = escapeshellarg("/var/www/data/foo bar.txt");
passthru( "/var/www/bin/myprog $arg" );

Produces the following output from myprog:

'/var/www/data/foo: No such file or directory
bar.txt': No such file or directory

I suspect that this bug may be specific to Solaris, since I could not
reproduce the same behaviour under identical configuration under FreeBSD.

Hoping for a fix in the upcoming release,
-- 
Arcady Genkin
-- 
Edit bug report at: http://bugs.php.net/?id=13843&edit=1
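
The argument splitting and the literal "2>&1" described in the report can be reproduced with the shell alone; the sketch below is an added example, not code from the report or from PHP. The myprog stand-in, the helper names and escape_meta are constructed for illustration, and escape_meta is only an assumed model of the automatic escaping (the report does not say how PHP performs it).

```shell
#!/bin/sh
# Constructed stand-in for myprog: prints each argument it receives as [arg].
ARGV_DUMP='for a in "$@"; do printf "[%s]\n" "$a"; done'

# run_cmdline STRING: hand STRING to "sh -c", the way a command string
# given to exec()/system()/passthru() reaches the shell.
run_cmdline() {
    sh -c "myprog() { $ARGV_DUMP; }; $1"
}

# quote_arg VALUE: single-quote VALUE, as escapeshellarg() does for a value
# that itself contains no single quote.
quote_arg() {
    printf "'%s'" "$1"
}

# escape_meta STRING: ASSUMED model of the automatic escaping in the report:
# a backslash is put before each quote and redirection character.
escape_meta() {
    printf '%s' "$1" | sed "s/['\">&]/\\\\&/g"
}

arg=$(quote_arg "/var/www/data/foo bar.txt")

echo "quoted once (one argument, quotes consumed by the shell):"
run_cmdline "myprog $arg"

echo "quoted, then escaped again (quotes become data, space splits):"
run_cmdline "$(escape_meta "myprog $arg")"

echo "redirection after escaping (2>&1 arrives as an argument):"
run_cmdline "$(escape_meta "myprog hello 2>&1")"
```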

