ID: 43261 Updated by: [EMAIL PROTECTED] Reported By: RQuadling at GMail dot com -Status: Closed +Status: Assigned Bug Type: Unknown/Other Function Operating System: Windows XP SP2 PHP Version: 5.3CVS-2007-11-12 (snap) -Assigned To: +Assigned To: pajoye
Previous Comments: ------------------------------------------------------------------------ [2008-06-10 10:20:14] [EMAIL PROTECTED] Actually Scott fixed this without marking it as fixed =) ------------------------------------------------------------------------ [2008-06-10 10:12:54] [EMAIL PROTECTED] Well if nobody else wanna apply it, then Ill take it =) ------------------------------------------------------------------------ [2008-05-30 09:35:31] RQuadling at GMail dot com Gee. Even with a patch, how do I get anyone to pay any attention!? ------------------------------------------------------------------------ [2007-11-12 13:39:29] RQuadling at GMail dot com Description: ------------ The windows version of escapeshellcmd replaces any of the special characters with a space, whereas, on other platforms it escapes them. There is a valid escape character for windows. It is the ^ character. Taking the current set of type-able characters from exec.c, the following is a proof of the ^ working ... 2007/11/12 13:22:42 V:\PHP\PHP5>echo foo ^' bar foo ' bar 2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^" bar foo " bar 2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^# bar foo # bar 2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^$ bar foo $ bar 2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^% bar foo % bar 2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^& bar foo & bar 2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^( bar foo ( bar 2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^) bar foo ) bar 2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^* bar foo * bar 2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^; bar foo ; bar 2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^? bar foo ? bar 2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^[ bar foo [ bar 2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^\ bar foo \ bar 2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^] bar foo ] bar 2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^^ bar foo ^ bar 2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^` bar foo ` bar 2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^{ bar foo { bar 2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^| bar foo | bar 2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^} bar foo } bar 2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^~ bar foo ~ bar 2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^< bar foo < bar 2007/11/12 13:22:43 V:\PHP\PHP5>echo foo ^> bar foo > bar I can't easily emulate 0xA0 and 0xFF in this test. I've included a patch also ... Index: exec.c =================================================================== RCS file: /repository/php-src/ext/standard/exec.c,v retrieving revision 1.125 diff -u -r1.125 exec.c --- exec.c 5 Nov 2007 14:06:19 -0000 1.125 +++ exec.c 12 Nov 2007 13:13:09 -0000 @@ -291,13 +291,12 @@ case '\\': case '\x0A': /* excluding these two */ case '\xFF': -#ifdef PHP_WIN32 - /* since Windows does not allow us to escape these chars, just remove them */ case '%': - cmd[y++] = ' '; - break; -#endif +#ifdef PHP_WIN32 + cmd[y++] = '^'; +#else cmd[y++] = '\\'; +#endif /* fall-through */ default: cmd[y++] = str[x]; http://rquadling.php1h.com/exec.c.patch.txt Reproduce code: --------------- php -r "exec(escapeshellcmd('echo foo | bar'), $a, $b); var_dump($a, $b);" Expected result: ---------------- array(1) { [0]=> string(10) "foo ^| bar" } int(0) Actual result: -------------- array(1) { [0]=> string(9) "foo bar" } int(0) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=43261&edit=1