ID:               18291
Comment by:       soren at vejrum dot dk
Reported By:      php dot hc at saustrup dot net
Status:           Verified
Bug Type:         Program Execution
Operating System: RedHat Linux 7.3
PHP Version:      4.3.0-dev
New Comment:

Same/similar problem in PHP 3.1.0 (on RedHat Linux 7.2).


Previous Comments:
------------------------------------------------------------------------

[2002-07-19 20:56:56] [EMAIL PROTECTED]

Seems like safe-mode does mess up the parameters.
I'm not sure if this is actually the correct behaviour...

------------------------------------------------------------------------

[2002-07-19 20:09:28] php dot hc at saustrup dot net

I tried what you suggested, and this is what came out:

Script 1:
"213

Script 2:
213

I'm a security freak, so I have safe_mode enabled. Apparently safe_mode
is in fact the cause of this error, because when I disabled it in
php.ini, the two scripts worked like you suggested:

Script 1:
213 123

Script 2:
213

Please test this yourself and post the results.

------------------------------------------------------------------------

[2002-07-12 18:51:52] [EMAIL PROTECTED]

FYI: PHP uses popen(), not execve()..
In 4.2.1 there is pcntl_exec() which behaves similarly to the system
execve. Maybe that's what you want to use..?

Try these scripts:

shell_args_1arg.php:
<?php echo exec('./test.sh "213 123"'); ?>

shell_args_2arg.php:
<?php echo exec('./test.sh 213 123'); ?>

test.sh:
<----8<---->
#!/bin/sh
echo $1
<----8<---->

------------------------------------------------------------------------

[2002-07-12 08:31:07] php dot hc at saustrup dot net

And just to make it perfectly clear what arguments my binary is
getting:

Arg1: 1
Arg2: 2
Arg3: 3
Arg4: "a
Arg5: b
Arg6: c"
Arg7: 4
Arg8: 5
Arg9: 6

------------------------------------------------------------------------

[2002-07-12 08:28:20] php dot hc at saustrup dot net

As far as I can see, it's not even required by the exec()'ing user to
have a valid shell in /etc/passwd, so I very much expect that the binary
is being exec()'d directly, without the use of a shell. If you check out
the man page for the execve() function, you'll see that arguments are
actually submitted as an array, and not as a whole string.

If they were in fact passed through a shell (I believe the backticks and
passthru() do this), escapeshellarg() might have been the solution -
but not in this case. I tried it, but exec() apparently still splits up
the string where it finds whitespaces (escaped or not), and passes it on
to i.e. execve().

And just to make it perfectly clear what I want:

Binary: /usr/bin/binary
Arg1: 1
Arg2: 2
Arg3: 3
Arg4: a b c
Arg5: 4
Arg6: 5
Arg7: 6

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/18291

--
Edit this bug report at http://bugs.php.net/?id=18291&edit=1
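
The difference discussed in this thread between handing exec() one command string and handing the program an array of arguments, as an added example that is not part of the bug report or of PHP's own code. It goes beyond the PHP versions in the report: the array form of proc_open() assumes PHP 7.4 or later, and the child script, the variable names and the use of the CLI's PHP_BINARY are constructed for illustration.

```php
<?php
// Added example, not from the bug report. Assumes the PHP CLI, version 7.4+.

// Constructed child program: print every argument it receives, one per line.
$child = 'foreach (array_slice($argv, 1) as $i => $a) { echo "Arg", $i + 1, ": ", $a, "\n"; }';

// The seven arguments the reporter wants delivered; "a b c" must stay one argument.
$args = ['1', '2', '3', 'a b c', '4', '5', '6'];

// 1) Command string: exec() passes a single string to a shell, so every
//    argument has to be quoted with escapeshellarg() to survive word splitting.
$cmd = escapeshellarg(PHP_BINARY) . ' -r ' . escapeshellarg($child) . ' --';
foreach ($args as $a) {
    $cmd .= ' ' . escapeshellarg($a);
}
exec($cmd, $viaShell, $status);

// 2) Argument vector: proc_open() with an array starts the program directly,
//    the way execve() takes its arguments, so no shell parsing or quoting applies.
$argvCmd = array_merge([PHP_BINARY, '-r', $child, '--'], $args);
$proc = proc_open($argvCmd, [1 => ['pipe', 'w']], $pipes);
if (!is_resource($proc)) {
    fwrite(STDERR, "proc_open() failed\n");
    exit(1);
}
$viaArgv = explode("\n", trim(stream_get_contents($pipes[1])));
fclose($pipes[1]);
proc_close($proc);

// Both listings should show "a b c" as a single argument; a listing that
// splits it across several ArgN lines means quoting was lost on the way.
echo "exec() with escapeshellarg():\n", implode("\n", $viaShell), "\n\n";
echo "proc_open() with an array:\n", implode("\n", $viaArgv), "\n";
```

Running the same script with and without any command-rewriting layer in front of exec() gives a direct before/after comparison of what the child actually receives.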