#49446 [NEW]: escapeshellarg dosn`t work on windows
From: heromantor at users dot sourceforge dot net Operating system: windows xp sp2 PHP version: 5.2.10 PHP Bug Type: CGI related Bug description: escapeshellarg dosn`t work on windows Description: escapeshellarg function dosn`t work properly on windows platform. Problem in \ and % chars handling. this patch fix this problem --- exec.c Wed Sep 2 22:41:27 2009 +++ exec_fixed.cWed Sep 2 22:40:50 2009 @@ -352,6 +352,11 @@ cmd = safe_emalloc(4, l, 3); /* worst case */ #ifdef PHP_WIN32 +# define PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES() \ +for(j = y - 1; j 0 cmd[j] == '\\'; --j) { \ +cmd[y++] = '\\'; \ +} + cmd[y++] = ''; #else cmd[y++] = '\''; @@ -372,10 +377,16 @@ switch (str[x]) { #ifdef PHP_WIN32 - case '': - case '%': - cmd[y++] = ' '; - break; +case '%': +PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES() +cmd[y++] = ''; +cmd[y++] = '%'; +cmd[y++] = ''; +break; +case '': +PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES() +cmd[y++] = ''; +/* fall-through */ #else case '\'': cmd[y++] = '\''; @@ -388,6 +399,9 @@ } } #ifdef PHP_WIN32 +PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES() +# undef PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES + cmd[y++] = ''; #else cmd[y++] = '\''; and some test cases P A T H = P A T H %PATH% = %PATH% a%PATH%b = a%PATH%b %%PATH%% = %%PATH%% PATH = PATH %PATH% = %PATH% \P\A\T\H = \P\A\T\H \P\A\T\H\ = \P\A\T\H\\ \%\%\ = \\%\\%\\ a\\%b\\c%\\ = a%b\\c% a\ = a\\ a\ = a\\ a\^|^^(^) = a\\^|^^(^) PATH\%\ = PATH\\%\\ Reproduce code: --- ?php print_r(escapeshellarg(%PATH%) . PHP_EOL); print_r(escapeshellarg(c:\\temp\\) . PHP_EOL); print_r(escapeshellarg('\\') . PHP_EOL); Expected result: %PATH% c:\temp\\ \\ Actual result: -- PATH c:\temp\ \ -- Edit bug report at http://bugs.php.net/?id=49446edit=1 -- Try a snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=49446r=trysnapshot52 Try a snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=49446r=trysnapshot53 Try a snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=49446r=trysnapshot60 Fixed in SVN: http://bugs.php.net/fix.php?id=49446r=fixed Fixed in SVN and need be documented: http://bugs.php.net/fix.php?id=49446r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=49446r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=49446r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=49446r=needscript Try newer version: http://bugs.php.net/fix.php?id=49446r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=49446r=support Expected behavior: http://bugs.php.net/fix.php?id=49446r=notwrong Not enough info: http://bugs.php.net/fix.php?id=49446r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=49446r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=49446r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=49446r=php4 Daylight Savings:http://bugs.php.net/fix.php?id=49446r=dst IIS Stability: http://bugs.php.net/fix.php?id=49446r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=49446r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=49446r=float No Zend Extensions: http://bugs.php.net/fix.php?id=49446r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=49446r=mysqlcfg
#49446 [Opn]: escapeshellarg dosn`t work on windows
ID: 49446 User updated by: heromantor at users dot sourceforge dot net Reported By: heromantor at users dot sourceforge dot net Status: Open Bug Type: CGI related Operating System: windows xp sp2 PHP Version: 5.2.10 New Comment: oh sorry, i post invalid patch. this ok: --- exec.c Wed Sep 2 23:44:19 2009 +++ exec_fixed.cWed Sep 2 23:44:41 2009 @@ -343,7 +343,7 @@ */ PHPAPI char *php_escape_shell_arg(char *str) { -int x, y = 0, l = strlen(str); +int x, y = 0, j, l = strlen(str); char *cmd; size_t estimate = (4 * l) + 3; @@ -352,6 +352,11 @@ cmd = safe_emalloc(4, l, 3); /* worst case */ #ifdef PHP_WIN32 +# define PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES() \ +for(j = y - 1; j 0 cmd[j] == '\\'; --j) { \ +cmd[y++] = '\\'; \ +} + cmd[y++] = ''; #else cmd[y++] = '\''; @@ -372,10 +377,16 @@ switch (str[x]) { #ifdef PHP_WIN32 -case '': -case '%': -cmd[y++] = ' '; -break; +case '%': +PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES() +cmd[y++] = ''; +cmd[y++] = '%'; +cmd[y++] = ''; +break; +case '': +PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES() +cmd[y++] = ''; +/* fall-through */ #else case '\'': cmd[y++] = '\''; @@ -388,6 +399,9 @@ } } #ifdef PHP_WIN32 +PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES() +# undef PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES + cmd[y++] = ''; #else cmd[y++] = '\''; Previous Comments: [2009-09-02 23:10:52] heromantor at users dot sourceforge dot net Description: escapeshellarg function dosn`t work properly on windows platform. Problem in \ and % chars handling. this patch fix this problem --- exec.c Wed Sep 2 22:41:27 2009 +++ exec_fixed.cWed Sep 2 22:40:50 2009 @@ -352,6 +352,11 @@ cmd = safe_emalloc(4, l, 3); /* worst case */ #ifdef PHP_WIN32 +# define PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES() \ +for(j = y - 1; j 0 cmd[j] == '\\'; --j) { \ +cmd[y++] = '\\'; \ +} + cmd[y++] = ''; #else cmd[y++] = '\''; @@ -372,10 +377,16 @@ switch (str[x]) { #ifdef PHP_WIN32 - case '': - case '%': - cmd[y++] = ' '; - break; +case '%': +PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES() +cmd[y++] = ''; +cmd[y++] = '%'; +cmd[y++] = ''; +break; +case '': +PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES() +cmd[y++] = ''; +/* fall-through */ #else case '\'': cmd[y++] = '\''; @@ -388,6 +399,9 @@ } } #ifdef PHP_WIN32 +PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES() +# undef PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES + cmd[y++] = ''; #else cmd[y++] = '\''; and some test cases P A T H = P A T H %PATH% = %PATH% a%PATH%b = a%PATH%b %%PATH%% = %%PATH%% PATH = PATH %PATH% = %PATH% \P\A\T\H = \P\A\T\H \P\A\T\H\ = \P\A\T\H\\ \%\%\ = \\%\\%\\ a\\%b\\c%\\ = a%b\\c% a\ = a\\ a\ = a\\ a\^|^^(^) = a\\^|^^(^) PATH\%\ = PATH\\%\\ Reproduce code: --- ?php print_r(escapeshellarg(%PATH%) . PHP_EOL); print_r(escapeshellarg(c:\\temp\\) . PHP_EOL); print_r(escapeshellarg('\\') . PHP_EOL); Expected result: %PATH% c:\temp\\ \\ Actual result: -- PATH c:\temp\ \ -- Edit this bug report at http://bugs.php.net/?id=49446edit=1