ID: 15157
Updated by: torben
Old Summary: exec()/system() doesn't work with parameters in
quotation-marks in system-call
Reported By: [EMAIL PROTECTED]
Old Status: Bogus
Status: Analyzed
Old Bug Type: Program Execution
Bug Type: Documentation problem
Operating System: Linux (Debian) / Solaris 8
PHP Version: 4.1.0
New Comment:

Hartmut, you should reread the bug report. 

Oliver,
I'm reopening this and reclassifying it as a Documentation
Problem. When safe_mode is on, the arguments are passed 
through a function which escapes potentially dangerous 
characters--including the quote characters. However, this
behaviour does not appear to be documented anywhere.

When I enable safe_mode, I get the result you describe.
However, when I remove the quotes and use this:

  exec('whois -h whois.denic.de Dirk Janssen', $output);

...I get the proper result on line 14:

  [14] => % No entries found for the selected source: "Dirk Janssen"

I take it you don't get the right result from an authorized
server?


Torben


Previous Comments:
------------------------------------------------------------------------

[2002-01-22 05:54:32] [EMAIL PROTECTED]



please compile this little C program 'argdump'

---8<----- argdump.c --------------------------------

#include <stdio.h>
#include <stdlib.h>

int main(int argc, char **argv) {
        int i;

        for(i=0;i<argc;i++) printf("%d: %s\n",i,argv[i]);

        return EXIT_SUCCESS;
}

---------------------------------------->8-----------


and try the following PHP script (with argdump in $PATH)

---8<----- test.php  --------------------------------

<?php
function do_exec($cmd) {
        $res=array(); 
        exec($cmd,$res); 
        echo "\n\n$cmd\n";
        print_r($res);
}

do_exec("argdump -h whois.denic.de Penelope\ Cruz");
do_exec("argdump -h whois.denic.de \"Penelope\ Cruz\"");
do_exec("argdump -h whois.denic.de \"Penelope Cruz\"");
do_exec("argdump -h whois.denic.de 'Penelope\ Cruz'");
do_exec("argdump -h whois.denic.de ".'"'."Penelope Cruz".'"');

?>

---------------------------------------->8-----------

my results are:

argdump -h whois.denic.de Penelope\ Cruz
Array
(
    [0] => 0: argdump
    [1] => 1: -h
    [2] => 2: whois.denic.de
    [3] => 3: Penelope Cruz
)


argdump -h whois.denic.de "Penelope\ Cruz"
Array
(
    [0] => 0: argdump
    [1] => 1: -h
    [2] => 2: whois.denic.de
    [3] => 3: Penelope\ Cruz
)


argdump -h whois.denic.de "Penelope Cruz"
Array
(
    [0] => 0: argdump
    [1] => 1: -h
    [2] => 2: whois.denic.de
    [3] => 3: Penelope Cruz
)


argdump -h whois.denic.de 'Penelope\ Cruz'
Array
(
    [0] => 0: argdump
    [1] => 1: -h
    [2] => 2: whois.denic.de
    [3] => 3: Penelope\ Cruz
)


argdump -h whois.denic.de "Penelope Cruz"
Array
(
    [0] => 0: argdump
    [1] => 1: -h
    [2] => 2: whois.denic.de
    [3] => 3: Penelope Cruz
)


on *both* linux (SuSE 7.3) and Solaris (SunOS 5.5.1 and 5.7)



------------------------------------------------------------------------

[2002-01-22 05:45:28] [EMAIL PROTECTED]

I'm running safe-mode (of cause!) and have an symbolic link to
/usr/bin/whois in my safe-mode-exec-dir.

Oliver

------------------------------------------------------------------------

[2002-01-22 05:42:03] [EMAIL PROTECTED]

Run phpinfo(). Is safe_mode 'On' or 'Off'? You would get this
result if, for instance, safe_mode was 'On' and whois was 
in your safe_mode_exec_dir.


Torben

------------------------------------------------------------------------

[2002-01-22 05:36:43] [EMAIL PROTECTED]

Did I mention, that I tried system(), too? It's just the desperate
attempt to get that thing to work.

In my opinion PHP doesn't allow to pass two or more words as one
parameter to a function.

Oliver.

------------------------------------------------------------------------

[2002-01-22 05:32:01] [EMAIL PROTECTED]

Yes, I know the difference. That's why I tried several ways
(with/without quotation marks, with stripslashes($command),
with/without escaped spaces ('\ ') ), but it didn't work.

I asked several colleagues for advice (PHP and Linux-Freaks),  but we
found no solution. But tell me: Does the script work on your system?
Maybe I have an error in my configuration....

Greets,
  Oliver.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/?id=15157


Edit this bug report at http://bugs.php.net/?id=15157&edit=1


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to