ID: 15157
Updated by: hholzgra
Old Summary: exec()/system() doesn't work with parameters in
quotation-marks in system-call
Reported By: [EMAIL PROTECTED]
Status: Bogus
Bug Type: Program Execution
Operating System: Linux (Debian) / Solaris 8
PHP Version: 4.1.0
New Comment:
please compile this little C program 'argdump'
---8<----- argdump.c --------------------------------
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char **argv) {
int i;
for(i=0;i<argc;i++) printf("%d: %s\n",i,argv[i]);
return EXIT_SUCCESS;
}
---------------------------------------->8-----------
and try the following PHP script (with argdump in $PATH)
---8<----- test.php --------------------------------
<?php
function do_exec($cmd) {
$res=array();
exec($cmd,$res);
echo "\n\n$cmd\n";
print_r($res);
}
do_exec("argdump -h whois.denic.de Penelope\ Cruz");
do_exec("argdump -h whois.denic.de \"Penelope\ Cruz\"");
do_exec("argdump -h whois.denic.de \"Penelope Cruz\"");
do_exec("argdump -h whois.denic.de 'Penelope\ Cruz'");
do_exec("argdump -h whois.denic.de ".'"'."Penelope Cruz".'"');
?>
---------------------------------------->8-----------
my results are:
argdump -h whois.denic.de Penelope\ Cruz
Array
(
[0] => 0: argdump
[1] => 1: -h
[2] => 2: whois.denic.de
[3] => 3: Penelope Cruz
)
argdump -h whois.denic.de "Penelope\ Cruz"
Array
(
[0] => 0: argdump
[1] => 1: -h
[2] => 2: whois.denic.de
[3] => 3: Penelope\ Cruz
)
argdump -h whois.denic.de "Penelope Cruz"
Array
(
[0] => 0: argdump
[1] => 1: -h
[2] => 2: whois.denic.de
[3] => 3: Penelope Cruz
)
argdump -h whois.denic.de 'Penelope\ Cruz'
Array
(
[0] => 0: argdump
[1] => 1: -h
[2] => 2: whois.denic.de
[3] => 3: Penelope\ Cruz
)
argdump -h whois.denic.de "Penelope Cruz"
Array
(
[0] => 0: argdump
[1] => 1: -h
[2] => 2: whois.denic.de
[3] => 3: Penelope Cruz
)
on *both* linux (SuSE 7.3) and Solaris (SunOS 5.5.1 and 5.7)
Previous Comments:
------------------------------------------------------------------------
[2002-01-22 05:45:28] [EMAIL PROTECTED]
I'm running safe-mode (of cause!) and have an symbolic link to
/usr/bin/whois in my safe-mode-exec-dir.
Oliver
------------------------------------------------------------------------
[2002-01-22 05:42:03] [EMAIL PROTECTED]
Run phpinfo(). Is safe_mode 'On' or 'Off'? You would get this
result if, for instance, safe_mode was 'On' and whois was
in your safe_mode_exec_dir.
Torben
------------------------------------------------------------------------
[2002-01-22 05:36:43] [EMAIL PROTECTED]
Did I mention, that I tried system(), too? It's just the desperate
attempt to get that thing to work.
In my opinion PHP doesn't allow to pass two or more words as one
parameter to a function.
Oliver.
------------------------------------------------------------------------
[2002-01-22 05:32:01] [EMAIL PROTECTED]
Yes, I know the difference. That's why I tried several ways
(with/without quotation marks, with stripslashes($command),
with/without escaped spaces ('\ ') ), but it didn't work.
I asked several colleagues for advice (PHP and Linux-Freaks), but we
found no solution. But tell me: Does the script work on your system?
Maybe I have an error in my configuration....
Greets,
Oliver.
------------------------------------------------------------------------
[2002-01-22 05:07:13] [EMAIL PROTECTED]
you know the difference between exec() and system()?
exec() executes the given program passing the arguments
verbatim while system() creates a new shell process
and passes the command to the shell for execution
with exec you have no argument processing like
wildcard matching and things at all so your
quote characters will stay in the input
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=15157
Edit this bug report at http://bugs.php.net/?id=15157&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
