ID: 49446
Updated by: scott...@php.net
Reported By: heromantor at users dot sourceforge dot net
Status: Open
Bug Type: CGI related
Operating System: windows xp sp2
PHP Version: 5.2.10
New Comment:
This was fixed in 5.3 with bug #43261
Though \\ within double quotes is considered a single \
Previous Comments:
[2009-09-02 23:51:40] heromantor at users dot sourceforge dot net
oh sorry, i post invalid patch.
this ok:
--- exec.c Wed Sep 2 23:44:19 2009
+++ exec_fixed.cWed Sep 2 23:44:41 2009
@@ -343,7 +343,7 @@
*/
PHPAPI char *php_escape_shell_arg(char *str)
{
-int x, y = 0, l = strlen(str);
+int x, y = 0, j, l = strlen(str);
char *cmd;
size_t estimate = (4 * l) + 3;
@@ -352,6 +352,11 @@
cmd = safe_emalloc(4, l, 3); /* worst case */
#ifdef PHP_WIN32
+# define PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES() \
+for(j = y - 1; j > 0 && cmd[j] == '\\'; --j) { \
+cmd[y++] = '\\'; \
+}
+
cmd[y++] = '"';
#else
cmd[y++] = '\'';
@@ -372,10 +377,16 @@
switch (str[x]) {
#ifdef PHP_WIN32
-case '"':
-case '%':
-cmd[y++] = ' ';
-break;
+case '%':
+PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES()
+cmd[y++] = '"';
+cmd[y++] = '%';
+cmd[y++] = '"';
+break;
+case '"':
+PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES()
+cmd[y++] = '"';
+/* fall-through */
#else
case '\'':
cmd[y++] = '\'';
@@ -388,6 +399,9 @@
}
}
#ifdef PHP_WIN32
+PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES()
+# undef PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES
+
cmd[y++] = '"';
#else
cmd[y++] = '\'';
[2009-09-02 23:10:52] heromantor at users dot sourceforge dot net
Description:
escapeshellarg function dosn`t work properly on windows platform.
Problem in " \ and % chars handling.
this patch fix this problem
--- exec.c Wed Sep 2 22:41:27 2009
+++ exec_fixed.cWed Sep 2 22:40:50 2009
@@ -352,6 +352,11 @@
cmd = safe_emalloc(4, l, 3); /* worst case */
#ifdef PHP_WIN32
+# define PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES() \
+for(j = y - 1; j > 0 && cmd[j] == '\\'; --j) { \
+cmd[y++] = '\\'; \
+}
+
cmd[y++] = '"';
#else
cmd[y++] = '\'';
@@ -372,10 +377,16 @@
switch (str[x]) {
#ifdef PHP_WIN32
- case '"':
- case '%':
- cmd[y++] = ' ';
- break;
+case '%':
+PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES()
+cmd[y++] = '"';
+cmd[y++] = '%';
+cmd[y++] = '"';
+break;
+case '"':
+PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES()
+cmd[y++] = '"';
+/* fall-through */
#else
case '\'':
cmd[y++] = '\'';
@@ -388,6 +399,9 @@
}
}
#ifdef PHP_WIN32
+PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES()
+# undef PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES
+
cmd[y++] = '"';
#else
cmd[y++] = '\'';
and some test cases
P A T H => "P A T H"
%PATH% => ""%"PATH"%""
a%PATH%b => "a"%"PATH"%"b"
%%PATH%% => ""%""%"PATH"%""%""
"PATH" => """PATH"""
"%PATH%" => %"PATH"%
\P\A\T\H => "\P\A\T\H"
\P\A\T\H\ => "\P\A\T\H\\"
\%\%\ => "\\"%"\\"%"\\"
a\\%b\\c%\\ => "a"%"b\\c"%""
"a\" => """a\\"""
a\" => "a\\"""
a\"^|^&^(^) => "a\\""^|^&^(^)"
PATH\%\ => "PATH\\"%"\\"
Reproduce code:
---
http://bugs.php.net/?id=49446&edit=1