ID: 32701
Updated by: [EMAIL PROTECTED]
Reported By: kosmo at miechow dot com
-Status: Bogus
+Status: Open
Bug Type: Filesystem function related
Operating System: Linux
PHP Version: 5.0.4
New Comment:
It works bad. There's no way to echo '-=< Test >=-' in safe_mode. No
characters inside single quotes should be escaped by
php_escape_shell_cmd() as they have no special meaning.
I can prepare a patch for it if it will be accepted.
Previous Comments:
------------------------------------------------------------------------
[2005-04-14 09:51:57] [EMAIL PROTECTED]
This is how it works. No bug here.
------------------------------------------------------------------------
[2005-04-14 09:22:15] kosmo at miechow dot com
Description:
------------
In safe-mode popen() is escaping command line by calling
php_escape_shell_cmd(). This funcion escaping command line,
and changing valid command arguments. IMHO there should be any way to
disable this escaping and run in safe-mode.
Reproduce code:
---------------
<?php
$r = popen("echo '-=< Test >=-'", "r");
print(stream_get_contents($r));
pclose($r);
?>
Expected result:
----------------
-=< Test >=-
Actual result:
--------------
-=\< Test \>=-
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=32701&edit=1
