[PHP-DEV] Bug #15157 Updated: exec()/system() doesn't work with parameters in quotation-marks in system-call
ID: 15157
Updated by: hholzgra
Old Summary: exec()/system() doesn't work with parameters in
quotation-marks in system-call
Reported By: [EMAIL PROTECTED]
Old Status: Feedback
Status: Bogus
Bug Type: Program Execution
Operating System: Linux (Debian) / Solaris 8
PHP Version: 4.1.0
New Comment:
you have to use double \\ to pass a \
to the executing shell as \ is the php
escape character, too
Previous Comments:
[2002-01-22 03:20:21] [EMAIL PROTECTED]
I don't get anything weird on PHP 4.2.0-dev with this
script:
?php
error_reporting(E_ALL);
exec('whois -h whois.denic.de Penelope Cruz', $output);
print_r($output);
?
The above outputs the same thing as running the command at
the prompt. What do you get from the above script?
Torben
[2002-01-22 03:12:55] [EMAIL PROTECTED]
The exec/system-Functions don't work with calls like this:
whois -h whois.denic.de Penelope Cruz
The problem is the string Penelope Cruz, which has to be one
parameter for the whois-function. Without quotation marks, the string
is used as two parameters - even when they're connected with \ -
(Penelope\ Cruz).
And with quotation marks, PHP executes the command with Penelope Cruz
as one string, BUT WITH the quotation marks included.
I tried several other ways (with system(), too), but none of them
worked:
exec(whois -h whois.denic.de Penelope\ Cruz);
exec(whois -h whois.denic.de \Penelope\ Cruz\);
exec(whois -h whois.denic.de \Penelope Cruz\);
exec(whois -h whois.denic.de 'Penelope\ Cruz');
exec(whois -h whois.denic.de .''.Penelope Cruz.''.);
...
My config:
'./configure' '--with-apxs=/usr/local/apache/bin/apxs'
'--with-zlib=/usr' '--with-curl=/usr/local'
'--with-mysql=/usr/local/mysql' '--with-ldap=/usr/local'
'--with-openssl' '--enable-ftp'
The problem was the same with Linux (Debian Potato) and Solaris8
Greets,
Oliver.
Edit this bug report at http://bugs.php.net/?id=15157edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15157 Updated: exec()/system() doesn't work with parameters in quotation-marks in system-call
ID: 15157
Comment by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Bogus
Bug Type: Program Execution
Operating System: Linux (Debian) / Solaris 8
PHP Version: 4.1.0
New Comment:
I tried it, but with PHP I got an empty output from the system-call,
which is the same with wrong parameters for the whois-function. I tried
exactly the same script you posted. There is no difference from my
experience.
May there be a difference with Solaris/Debian/PHP4.1 and your setup?
Please try Dirk Janssen in the whois-query, which returns a valid
denic-result, BUT ONLY if you have a registered host for this query.
I think it's a PHP-Bug, caus the call in the shell returns the right
result.
Greetings,
Oliver.
Previous Comments:
[2002-01-22 03:20:22] [EMAIL PROTECTED]
you have to use double \\ to pass a \
to the executing shell as \ is the php
escape character, too
[2002-01-22 03:20:21] [EMAIL PROTECTED]
I don't get anything weird on PHP 4.2.0-dev with this
script:
?php
error_reporting(E_ALL);
exec('whois -h whois.denic.de Penelope Cruz', $output);
print_r($output);
?
The above outputs the same thing as running the command at
the prompt. What do you get from the above script?
Torben
[2002-01-22 03:12:55] [EMAIL PROTECTED]
The exec/system-Functions don't work with calls like this:
whois -h whois.denic.de Penelope Cruz
The problem is the string Penelope Cruz, which has to be one
parameter for the whois-function. Without quotation marks, the string
is used as two parameters - even when they're connected with \ -
(Penelope\ Cruz).
And with quotation marks, PHP executes the command with Penelope Cruz
as one string, BUT WITH the quotation marks included.
I tried several other ways (with system(), too), but none of them
worked:
exec(whois -h whois.denic.de Penelope\ Cruz);
exec(whois -h whois.denic.de \Penelope\ Cruz\);
exec(whois -h whois.denic.de \Penelope Cruz\);
exec(whois -h whois.denic.de 'Penelope\ Cruz');
exec(whois -h whois.denic.de .''.Penelope Cruz.''.);
...
My config:
'./configure' '--with-apxs=/usr/local/apache/bin/apxs'
'--with-zlib=/usr' '--with-curl=/usr/local'
'--with-mysql=/usr/local/mysql' '--with-ldap=/usr/local'
'--with-openssl' '--enable-ftp'
The problem was the same with Linux (Debian Potato) and Solaris8
Greets,
Oliver.
Edit this bug report at http://bugs.php.net/?id=15157edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15157 Updated: exec()/system() doesn't work with parameters in quotation-marks in system-call
ID: 15157
Updated by: torben
Old Summary: exec()/system() doesn't work with parameters in
quotation-marks in system-call
Reported By: [EMAIL PROTECTED]
Status: Bogus
Bug Type: Program Execution
Operating System: Linux (Debian) / Solaris 8
PHP Version: 4.1.0
New Comment:
I'm running Debian here. Can you actually cut and paste
the script I posted before, and try it? The lines you posted
before wouldn't actually produce any output, which is why
I'm wondering...
Torben
Previous Comments:
[2002-01-22 04:01:37] [EMAIL PROTECTED]
I tried it, but with PHP I got an empty output from the system-call,
which is the same with wrong parameters for the whois-function. I tried
exactly the same script you posted. There is no difference from my
experience.
May there be a difference with Solaris/Debian/PHP4.1 and your setup?
Please try Dirk Janssen in the whois-query, which returns a valid
denic-result, BUT ONLY if you have a registered host for this query.
I think it's a PHP-Bug, caus the call in the shell returns the right
result.
Greetings,
Oliver.
[2002-01-22 03:20:22] [EMAIL PROTECTED]
you have to use double \\ to pass a \
to the executing shell as \ is the php
escape character, too
[2002-01-22 03:20:21] [EMAIL PROTECTED]
I don't get anything weird on PHP 4.2.0-dev with this
script:
?php
error_reporting(E_ALL);
exec('whois -h whois.denic.de Penelope Cruz', $output);
print_r($output);
?
The above outputs the same thing as running the command at
the prompt. What do you get from the above script?
Torben
[2002-01-22 03:12:55] [EMAIL PROTECTED]
The exec/system-Functions don't work with calls like this:
whois -h whois.denic.de Penelope Cruz
The problem is the string Penelope Cruz, which has to be one
parameter for the whois-function. Without quotation marks, the string
is used as two parameters - even when they're connected with \ -
(Penelope\ Cruz).
And with quotation marks, PHP executes the command with Penelope Cruz
as one string, BUT WITH the quotation marks included.
I tried several other ways (with system(), too), but none of them
worked:
exec(whois -h whois.denic.de Penelope\ Cruz);
exec(whois -h whois.denic.de \Penelope\ Cruz\);
exec(whois -h whois.denic.de \Penelope Cruz\);
exec(whois -h whois.denic.de 'Penelope\ Cruz');
exec(whois -h whois.denic.de .''.Penelope Cruz.''.);
...
My config:
'./configure' '--with-apxs=/usr/local/apache/bin/apxs'
'--with-zlib=/usr' '--with-curl=/usr/local'
'--with-mysql=/usr/local/mysql' '--with-ldap=/usr/local'
'--with-openssl' '--enable-ftp'
The problem was the same with Linux (Debian Potato) and Solaris8
Greets,
Oliver.
Edit this bug report at http://bugs.php.net/?id=15157edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15157 Updated: exec()/system() doesn't work with parameters in quotation-marks in system-call
ID: 15157
Comment by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Bogus
Bug Type: Program Execution
Operating System: Linux (Debian) / Solaris 8
PHP Version: 4.1.0
New Comment:
I did cut an paste your Script. On the Debian-System (which is not
authorized @denic to search for a person) it returns on line 14:
% No entries found for the selected source: Dirk Janssen
It seems as if the quotation marks are passed thru. When I call the
command on the shell, it returns (line 14 again):
% No entries found for the selected source: Dirk Janssen
Watch the quotation marks! And that's the problem (maybe a bug) I
think. The result in the shell is ok, since the host is not authorized
to search for people.
On the authorized solaris-box, the whois-call on the shell returns the
DENIC-Handle, etc.
The exec()-call (your cut'n'pasted script with Dirk Janssen as
searchstring) returns nothing. If I try it with test.de, which
returns the info for the domain on the shell-call, the PHP-Script
returns the well-known output on line 14:
% No entries found for the selected source: test.de
Once again, PHP seems to have a problem with the quotation-marks.
Ok, there is a difference: The quotation marks should not be passed
through to the whois-command. What whois needs is a parameter which has
the string 'Dirk Janssen' as value. PHP seems to send the string with
the quotation-marks - or when I try it without them - as two separated
parameters to the whois-function. Even if I try to connect the two
words with an '\ ' (escaped space). By the way, the escaped space works
on the shell:
shell whois -h whois.denic.de Dirk\ Janssen
I don't know. I now do the whois-query through the socket, which is a
much better way then the exec()-alternative. But there must be a way to
do it with the exec()-command.
Oliver.
Previous Comments:
[2002-01-22 04:11:39] [EMAIL PROTECTED]
I'm running Debian here. Can you actually cut and paste
the script I posted before, and try it? The lines you posted
before wouldn't actually produce any output, which is why
I'm wondering...
Torben
[2002-01-22 04:01:37] [EMAIL PROTECTED]
I tried it, but with PHP I got an empty output from the system-call,
which is the same with wrong parameters for the whois-function. I tried
exactly the same script you posted. There is no difference from my
experience.
May there be a difference with Solaris/Debian/PHP4.1 and your setup?
Please try Dirk Janssen in the whois-query, which returns a valid
denic-result, BUT ONLY if you have a registered host for this query.
I think it's a PHP-Bug, caus the call in the shell returns the right
result.
Greetings,
Oliver.
[2002-01-22 03:20:22] [EMAIL PROTECTED]
you have to use double \\ to pass a \
to the executing shell as \ is the php
escape character, too
[2002-01-22 03:20:21] [EMAIL PROTECTED]
I don't get anything weird on PHP 4.2.0-dev with this
script:
?php
error_reporting(E_ALL);
exec('whois -h whois.denic.de Penelope Cruz', $output);
print_r($output);
?
The above outputs the same thing as running the command at
the prompt. What do you get from the above script?
Torben
[2002-01-22 03:12:55] [EMAIL PROTECTED]
The exec/system-Functions don't work with calls like this:
whois -h whois.denic.de Penelope Cruz
The problem is the string Penelope Cruz, which has to be one
parameter for the whois-function. Without quotation marks, the string
is used as two parameters - even when they're connected with \ -
(Penelope\ Cruz).
And with quotation marks, PHP executes the command with Penelope Cruz
as one string, BUT WITH the quotation marks included.
I tried several other ways (with system(), too), but none of them
worked:
exec(whois -h whois.denic.de Penelope\ Cruz);
exec(whois -h whois.denic.de \Penelope\ Cruz\);
exec(whois -h whois.denic.de \Penelope Cruz\);
exec(whois -h whois.denic.de 'Penelope\ Cruz');
exec(whois -h whois.denic.de .''.Penelope Cruz.''.);
...
My config:
'./configure' '--with-apxs=/usr/local/apache/bin/apxs'
'--with-zlib=/usr' '--with-curl=/usr/local'
'--with-mysql=/usr/local/mysql' '--with-ldap=/usr/local'
'--with-openssl' '--enable-ftp'
The problem was the same with Linux (Debian Potato) and Solaris8
Greets,
Oliver.
Edit this bug report at http://bugs.php.net/?id=15157edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL
[PHP-DEV] Bug #15157 Updated: exec()/system() doesn't work with parameters in quotation-marks in system-call
ID: 15157
Updated by: hholzgra
Old Summary: exec()/system() doesn't work with parameters in
quotation-marks in system-call
Reported By: [EMAIL PROTECTED]
Status: Bogus
Bug Type: Program Execution
Operating System: Linux (Debian) / Solaris 8
PHP Version: 4.1.0
New Comment:
you know the difference between exec() and system()?
exec() executes the given program passing the arguments
verbatim while system() creates a new shell process
and passes the command to the shell for execution
with exec you have no argument processing like
wildcard matching and things at all so your
quote characters will stay in the input
Previous Comments:
[2002-01-22 04:47:37] [EMAIL PROTECTED]
I did cut an paste your Script. On the Debian-System (which is not
authorized @denic to search for a person) it returns on line 14:
% No entries found for the selected source: Dirk Janssen
It seems as if the quotation marks are passed thru. When I call the
command on the shell, it returns (line 14 again):
% No entries found for the selected source: Dirk Janssen
Watch the quotation marks! And that's the problem (maybe a bug) I
think. The result in the shell is ok, since the host is not authorized
to search for people.
On the authorized solaris-box, the whois-call on the shell returns the
DENIC-Handle, etc.
The exec()-call (your cut'n'pasted script with Dirk Janssen as
searchstring) returns nothing. If I try it with test.de, which
returns the info for the domain on the shell-call, the PHP-Script
returns the well-known output on line 14:
% No entries found for the selected source: test.de
Once again, PHP seems to have a problem with the quotation-marks.
Ok, there is a difference: The quotation marks should not be passed
through to the whois-command. What whois needs is a parameter which has
the string 'Dirk Janssen' as value. PHP seems to send the string with
the quotation-marks - or when I try it without them - as two separated
parameters to the whois-function. Even if I try to connect the two
words with an '\ ' (escaped space). By the way, the escaped space works
on the shell:
shell whois -h whois.denic.de Dirk\ Janssen
I don't know. I now do the whois-query through the socket, which is a
much better way then the exec()-alternative. But there must be a way to
do it with the exec()-command.
Oliver.
[2002-01-22 04:11:39] [EMAIL PROTECTED]
I'm running Debian here. Can you actually cut and paste
the script I posted before, and try it? The lines you posted
before wouldn't actually produce any output, which is why
I'm wondering...
Torben
[2002-01-22 04:01:37] [EMAIL PROTECTED]
I tried it, but with PHP I got an empty output from the system-call,
which is the same with wrong parameters for the whois-function. I tried
exactly the same script you posted. There is no difference from my
experience.
May there be a difference with Solaris/Debian/PHP4.1 and your setup?
Please try Dirk Janssen in the whois-query, which returns a valid
denic-result, BUT ONLY if you have a registered host for this query.
I think it's a PHP-Bug, caus the call in the shell returns the right
result.
Greetings,
Oliver.
[2002-01-22 03:20:22] [EMAIL PROTECTED]
you have to use double \\ to pass a \
to the executing shell as \ is the php
escape character, too
[2002-01-22 03:20:21] [EMAIL PROTECTED]
I don't get anything weird on PHP 4.2.0-dev with this
script:
?php
error_reporting(E_ALL);
exec('whois -h whois.denic.de Penelope Cruz', $output);
print_r($output);
?
The above outputs the same thing as running the command at
the prompt. What do you get from the above script?
Torben
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=15157
Edit this bug report at http://bugs.php.net/?id=15157edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15157 Updated: exec()/system() doesn't work with parameters in quotation-marks in system-call
ID: 15157
Comment by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Bogus
Bug Type: Program Execution
Operating System: Linux (Debian) / Solaris 8
PHP Version: 4.1.0
New Comment:
Yes, I know the difference. That's why I tried several ways
(with/without quotation marks, with stripslashes($command),
with/without escaped spaces ('\ ') ), but it didn't work.
I asked several colleagues for advice (PHP and Linux-Freaks), but we
found no solution. But tell me: Does the script work on your system?
Maybe I have an error in my configuration
Greets,
Oliver.
Previous Comments:
[2002-01-22 05:07:13] [EMAIL PROTECTED]
you know the difference between exec() and system()?
exec() executes the given program passing the arguments
verbatim while system() creates a new shell process
and passes the command to the shell for execution
with exec you have no argument processing like
wildcard matching and things at all so your
quote characters will stay in the input
[2002-01-22 04:47:37] [EMAIL PROTECTED]
I did cut an paste your Script. On the Debian-System (which is not
authorized @denic to search for a person) it returns on line 14:
% No entries found for the selected source: Dirk Janssen
It seems as if the quotation marks are passed thru. When I call the
command on the shell, it returns (line 14 again):
% No entries found for the selected source: Dirk Janssen
Watch the quotation marks! And that's the problem (maybe a bug) I
think. The result in the shell is ok, since the host is not authorized
to search for people.
On the authorized solaris-box, the whois-call on the shell returns the
DENIC-Handle, etc.
The exec()-call (your cut'n'pasted script with Dirk Janssen as
searchstring) returns nothing. If I try it with test.de, which
returns the info for the domain on the shell-call, the PHP-Script
returns the well-known output on line 14:
% No entries found for the selected source: test.de
Once again, PHP seems to have a problem with the quotation-marks.
Ok, there is a difference: The quotation marks should not be passed
through to the whois-command. What whois needs is a parameter which has
the string 'Dirk Janssen' as value. PHP seems to send the string with
the quotation-marks - or when I try it without them - as two separated
parameters to the whois-function. Even if I try to connect the two
words with an '\ ' (escaped space). By the way, the escaped space works
on the shell:
shell whois -h whois.denic.de Dirk\ Janssen
I don't know. I now do the whois-query through the socket, which is a
much better way then the exec()-alternative. But there must be a way to
do it with the exec()-command.
Oliver.
[2002-01-22 04:11:39] [EMAIL PROTECTED]
I'm running Debian here. Can you actually cut and paste
the script I posted before, and try it? The lines you posted
before wouldn't actually produce any output, which is why
I'm wondering...
Torben
[2002-01-22 04:01:37] [EMAIL PROTECTED]
I tried it, but with PHP I got an empty output from the system-call,
which is the same with wrong parameters for the whois-function. I tried
exactly the same script you posted. There is no difference from my
experience.
May there be a difference with Solaris/Debian/PHP4.1 and your setup?
Please try Dirk Janssen in the whois-query, which returns a valid
denic-result, BUT ONLY if you have a registered host for this query.
I think it's a PHP-Bug, caus the call in the shell returns the right
result.
Greetings,
Oliver.
[2002-01-22 03:20:22] [EMAIL PROTECTED]
you have to use double \\ to pass a \
to the executing shell as \ is the php
escape character, too
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=15157
Edit this bug report at http://bugs.php.net/?id=15157edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15157 Updated: exec()/system() doesn't work with parameters in quotation-marks in system-call
ID: 15157
Comment by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Bogus
Bug Type: Program Execution
Operating System: Linux (Debian) / Solaris 8
PHP Version: 4.1.0
New Comment:
Did I mention, that I tried system(), too? It's just the desperate
attempt to get that thing to work.
In my opinion PHP doesn't allow to pass two or more words as one
parameter to a function.
Oliver.
Previous Comments:
[2002-01-22 05:32:01] [EMAIL PROTECTED]
Yes, I know the difference. That's why I tried several ways
(with/without quotation marks, with stripslashes($command),
with/without escaped spaces ('\ ') ), but it didn't work.
I asked several colleagues for advice (PHP and Linux-Freaks), but we
found no solution. But tell me: Does the script work on your system?
Maybe I have an error in my configuration
Greets,
Oliver.
[2002-01-22 05:07:13] [EMAIL PROTECTED]
you know the difference between exec() and system()?
exec() executes the given program passing the arguments
verbatim while system() creates a new shell process
and passes the command to the shell for execution
with exec you have no argument processing like
wildcard matching and things at all so your
quote characters will stay in the input
[2002-01-22 04:47:37] [EMAIL PROTECTED]
I did cut an paste your Script. On the Debian-System (which is not
authorized @denic to search for a person) it returns on line 14:
% No entries found for the selected source: Dirk Janssen
It seems as if the quotation marks are passed thru. When I call the
command on the shell, it returns (line 14 again):
% No entries found for the selected source: Dirk Janssen
Watch the quotation marks! And that's the problem (maybe a bug) I
think. The result in the shell is ok, since the host is not authorized
to search for people.
On the authorized solaris-box, the whois-call on the shell returns the
DENIC-Handle, etc.
The exec()-call (your cut'n'pasted script with Dirk Janssen as
searchstring) returns nothing. If I try it with test.de, which
returns the info for the domain on the shell-call, the PHP-Script
returns the well-known output on line 14:
% No entries found for the selected source: test.de
Once again, PHP seems to have a problem with the quotation-marks.
Ok, there is a difference: The quotation marks should not be passed
through to the whois-command. What whois needs is a parameter which has
the string 'Dirk Janssen' as value. PHP seems to send the string with
the quotation-marks - or when I try it without them - as two separated
parameters to the whois-function. Even if I try to connect the two
words with an '\ ' (escaped space). By the way, the escaped space works
on the shell:
shell whois -h whois.denic.de Dirk\ Janssen
I don't know. I now do the whois-query through the socket, which is a
much better way then the exec()-alternative. But there must be a way to
do it with the exec()-command.
Oliver.
[2002-01-22 04:11:39] [EMAIL PROTECTED]
I'm running Debian here. Can you actually cut and paste
the script I posted before, and try it? The lines you posted
before wouldn't actually produce any output, which is why
I'm wondering...
Torben
[2002-01-22 04:01:37] [EMAIL PROTECTED]
I tried it, but with PHP I got an empty output from the system-call,
which is the same with wrong parameters for the whois-function. I tried
exactly the same script you posted. There is no difference from my
experience.
May there be a difference with Solaris/Debian/PHP4.1 and your setup?
Please try Dirk Janssen in the whois-query, which returns a valid
denic-result, BUT ONLY if you have a registered host for this query.
I think it's a PHP-Bug, caus the call in the shell returns the right
result.
Greetings,
Oliver.
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=15157
Edit this bug report at http://bugs.php.net/?id=15157edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15157 Updated: exec()/system() doesn't work with parameters in quotation-marks in system-call
ID: 15157
Updated by: torben
Old Summary: exec()/system() doesn't work with parameters in
quotation-marks in system-call
Reported By: [EMAIL PROTECTED]
Status: Bogus
Bug Type: Program Execution
Operating System: Linux (Debian) / Solaris 8
PHP Version: 4.1.0
New Comment:
Run phpinfo(). Is safe_mode 'On' or 'Off'? You would get this
result if, for instance, safe_mode was 'On' and whois was
in your safe_mode_exec_dir.
Torben
Previous Comments:
[2002-01-22 05:36:43] [EMAIL PROTECTED]
Did I mention, that I tried system(), too? It's just the desperate
attempt to get that thing to work.
In my opinion PHP doesn't allow to pass two or more words as one
parameter to a function.
Oliver.
[2002-01-22 05:32:01] [EMAIL PROTECTED]
Yes, I know the difference. That's why I tried several ways
(with/without quotation marks, with stripslashes($command),
with/without escaped spaces ('\ ') ), but it didn't work.
I asked several colleagues for advice (PHP and Linux-Freaks), but we
found no solution. But tell me: Does the script work on your system?
Maybe I have an error in my configuration
Greets,
Oliver.
[2002-01-22 05:07:13] [EMAIL PROTECTED]
you know the difference between exec() and system()?
exec() executes the given program passing the arguments
verbatim while system() creates a new shell process
and passes the command to the shell for execution
with exec you have no argument processing like
wildcard matching and things at all so your
quote characters will stay in the input
[2002-01-22 04:47:37] [EMAIL PROTECTED]
I did cut an paste your Script. On the Debian-System (which is not
authorized @denic to search for a person) it returns on line 14:
% No entries found for the selected source: Dirk Janssen
It seems as if the quotation marks are passed thru. When I call the
command on the shell, it returns (line 14 again):
% No entries found for the selected source: Dirk Janssen
Watch the quotation marks! And that's the problem (maybe a bug) I
think. The result in the shell is ok, since the host is not authorized
to search for people.
On the authorized solaris-box, the whois-call on the shell returns the
DENIC-Handle, etc.
The exec()-call (your cut'n'pasted script with Dirk Janssen as
searchstring) returns nothing. If I try it with test.de, which
returns the info for the domain on the shell-call, the PHP-Script
returns the well-known output on line 14:
% No entries found for the selected source: test.de
Once again, PHP seems to have a problem with the quotation-marks.
Ok, there is a difference: The quotation marks should not be passed
through to the whois-command. What whois needs is a parameter which has
the string 'Dirk Janssen' as value. PHP seems to send the string with
the quotation-marks - or when I try it without them - as two separated
parameters to the whois-function. Even if I try to connect the two
words with an '\ ' (escaped space). By the way, the escaped space works
on the shell:
shell whois -h whois.denic.de Dirk\ Janssen
I don't know. I now do the whois-query through the socket, which is a
much better way then the exec()-alternative. But there must be a way to
do it with the exec()-command.
Oliver.
[2002-01-22 04:11:39] [EMAIL PROTECTED]
I'm running Debian here. Can you actually cut and paste
the script I posted before, and try it? The lines you posted
before wouldn't actually produce any output, which is why
I'm wondering...
Torben
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=15157
Edit this bug report at http://bugs.php.net/?id=15157edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15157 Updated: exec()/system() doesn't work with parameters in quotation-marks in system-call
ID: 15157
Comment by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Bogus
Bug Type: Program Execution
Operating System: Linux (Debian) / Solaris 8
PHP Version: 4.1.0
New Comment:
I'm running safe-mode (of cause!) and have an symbolic link to
/usr/bin/whois in my safe-mode-exec-dir.
Oliver
Previous Comments:
[2002-01-22 05:42:03] [EMAIL PROTECTED]
Run phpinfo(). Is safe_mode 'On' or 'Off'? You would get this
result if, for instance, safe_mode was 'On' and whois was
in your safe_mode_exec_dir.
Torben
[2002-01-22 05:36:43] [EMAIL PROTECTED]
Did I mention, that I tried system(), too? It's just the desperate
attempt to get that thing to work.
In my opinion PHP doesn't allow to pass two or more words as one
parameter to a function.
Oliver.
[2002-01-22 05:32:01] [EMAIL PROTECTED]
Yes, I know the difference. That's why I tried several ways
(with/without quotation marks, with stripslashes($command),
with/without escaped spaces ('\ ') ), but it didn't work.
I asked several colleagues for advice (PHP and Linux-Freaks), but we
found no solution. But tell me: Does the script work on your system?
Maybe I have an error in my configuration
Greets,
Oliver.
[2002-01-22 05:07:13] [EMAIL PROTECTED]
you know the difference between exec() and system()?
exec() executes the given program passing the arguments
verbatim while system() creates a new shell process
and passes the command to the shell for execution
with exec you have no argument processing like
wildcard matching and things at all so your
quote characters will stay in the input
[2002-01-22 04:47:37] [EMAIL PROTECTED]
I did cut an paste your Script. On the Debian-System (which is not
authorized @denic to search for a person) it returns on line 14:
% No entries found for the selected source: Dirk Janssen
It seems as if the quotation marks are passed thru. When I call the
command on the shell, it returns (line 14 again):
% No entries found for the selected source: Dirk Janssen
Watch the quotation marks! And that's the problem (maybe a bug) I
think. The result in the shell is ok, since the host is not authorized
to search for people.
On the authorized solaris-box, the whois-call on the shell returns the
DENIC-Handle, etc.
The exec()-call (your cut'n'pasted script with Dirk Janssen as
searchstring) returns nothing. If I try it with test.de, which
returns the info for the domain on the shell-call, the PHP-Script
returns the well-known output on line 14:
% No entries found for the selected source: test.de
Once again, PHP seems to have a problem with the quotation-marks.
Ok, there is a difference: The quotation marks should not be passed
through to the whois-command. What whois needs is a parameter which has
the string 'Dirk Janssen' as value. PHP seems to send the string with
the quotation-marks - or when I try it without them - as two separated
parameters to the whois-function. Even if I try to connect the two
words with an '\ ' (escaped space). By the way, the escaped space works
on the shell:
shell whois -h whois.denic.de Dirk\ Janssen
I don't know. I now do the whois-query through the socket, which is a
much better way then the exec()-alternative. But there must be a way to
do it with the exec()-command.
Oliver.
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=15157
Edit this bug report at http://bugs.php.net/?id=15157edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15157 Updated: exec()/system() doesn't work with parameters in quotation-marks in system-call
ID: 15157
Updated by: hholzgra
Old Summary: exec()/system() doesn't work with parameters in
quotation-marks in system-call
Reported By: [EMAIL PROTECTED]
Status: Bogus
Bug Type: Program Execution
Operating System: Linux (Debian) / Solaris 8
PHP Version: 4.1.0
New Comment:
please compile this little C program 'argdump'
---8- argdump.c
#include stdio.h
#include stdlib.h
int main(int argc, char **argv) {
int i;
for(i=0;iargc;i++) printf(%d: %s\n,i,argv[i]);
return EXIT_SUCCESS;
}
8---
and try the following PHP script (with argdump in $PATH)
---8- test.php
?php
function do_exec($cmd) {
$res=array();
exec($cmd,$res);
echo \n\n$cmd\n;
print_r($res);
}
do_exec(argdump -h whois.denic.de Penelope\ Cruz);
do_exec(argdump -h whois.denic.de \Penelope\ Cruz\);
do_exec(argdump -h whois.denic.de \Penelope Cruz\);
do_exec(argdump -h whois.denic.de 'Penelope\ Cruz');
do_exec(argdump -h whois.denic.de .''.Penelope Cruz.'');
?
8---
my results are:
argdump -h whois.denic.de Penelope\ Cruz
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope Cruz
)
argdump -h whois.denic.de Penelope\ Cruz
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope\ Cruz
)
argdump -h whois.denic.de Penelope Cruz
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope Cruz
)
argdump -h whois.denic.de 'Penelope\ Cruz'
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope\ Cruz
)
argdump -h whois.denic.de Penelope Cruz
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope Cruz
)
on *both* linux (SuSE 7.3) and Solaris (SunOS 5.5.1 and 5.7)
Previous Comments:
[2002-01-22 05:45:28] [EMAIL PROTECTED]
I'm running safe-mode (of cause!) and have an symbolic link to
/usr/bin/whois in my safe-mode-exec-dir.
Oliver
[2002-01-22 05:42:03] [EMAIL PROTECTED]
Run phpinfo(). Is safe_mode 'On' or 'Off'? You would get this
result if, for instance, safe_mode was 'On' and whois was
in your safe_mode_exec_dir.
Torben
[2002-01-22 05:36:43] [EMAIL PROTECTED]
Did I mention, that I tried system(), too? It's just the desperate
attempt to get that thing to work.
In my opinion PHP doesn't allow to pass two or more words as one
parameter to a function.
Oliver.
[2002-01-22 05:32:01] [EMAIL PROTECTED]
Yes, I know the difference. That's why I tried several ways
(with/without quotation marks, with stripslashes($command),
with/without escaped spaces ('\ ') ), but it didn't work.
I asked several colleagues for advice (PHP and Linux-Freaks), but we
found no solution. But tell me: Does the script work on your system?
Maybe I have an error in my configuration
Greets,
Oliver.
[2002-01-22 05:07:13] [EMAIL PROTECTED]
you know the difference between exec() and system()?
exec() executes the given program passing the arguments
verbatim while system() creates a new shell process
and passes the command to the shell for execution
with exec you have no argument processing like
wildcard matching and things at all so your
quote characters will stay in the input
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=15157
Edit this bug report at http://bugs.php.net/?id=15157edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15157 Updated: exec()/system() doesn't work with parameters in quotation-marks in system-call
ID: 15157
Updated by: torben
Old Summary: exec()/system() doesn't work with parameters in
quotation-marks in system-call
Reported By: [EMAIL PROTECTED]
Old Status: Bogus
Status: Analyzed
Old Bug Type: Program Execution
Bug Type: Documentation problem
Operating System: Linux (Debian) / Solaris 8
PHP Version: 4.1.0
New Comment:
Hartmut, you should reread the bug report.
Oliver,
I'm reopening this and reclassifying it as a Documentation
Problem. When safe_mode is on, the arguments are passed
through a function which escapes potentially dangerous
characters--including the quote characters. However, this
behaviour does not appear to be documented anywhere.
When I enable safe_mode, I get the result you describe.
However, when I remove the quotes and use this:
exec('whois -h whois.denic.de Dirk Janssen', $output);
...I get the proper result on line 14:
[14] = % No entries found for the selected source: Dirk Janssen
I take it you don't get the right result from an authorized
server?
Torben
Previous Comments:
[2002-01-22 05:54:32] [EMAIL PROTECTED]
please compile this little C program 'argdump'
---8- argdump.c
#include stdio.h
#include stdlib.h
int main(int argc, char **argv) {
int i;
for(i=0;iargc;i++) printf(%d: %s\n,i,argv[i]);
return EXIT_SUCCESS;
}
8---
and try the following PHP script (with argdump in $PATH)
---8- test.php
?php
function do_exec($cmd) {
$res=array();
exec($cmd,$res);
echo \n\n$cmd\n;
print_r($res);
}
do_exec(argdump -h whois.denic.de Penelope\ Cruz);
do_exec(argdump -h whois.denic.de \Penelope\ Cruz\);
do_exec(argdump -h whois.denic.de \Penelope Cruz\);
do_exec(argdump -h whois.denic.de 'Penelope\ Cruz');
do_exec(argdump -h whois.denic.de .''.Penelope Cruz.'');
?
8---
my results are:
argdump -h whois.denic.de Penelope\ Cruz
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope Cruz
)
argdump -h whois.denic.de Penelope\ Cruz
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope\ Cruz
)
argdump -h whois.denic.de Penelope Cruz
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope Cruz
)
argdump -h whois.denic.de 'Penelope\ Cruz'
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope\ Cruz
)
argdump -h whois.denic.de Penelope Cruz
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope Cruz
)
on *both* linux (SuSE 7.3) and Solaris (SunOS 5.5.1 and 5.7)
[2002-01-22 05:45:28] [EMAIL PROTECTED]
I'm running safe-mode (of cause!) and have an symbolic link to
/usr/bin/whois in my safe-mode-exec-dir.
Oliver
[2002-01-22 05:42:03] [EMAIL PROTECTED]
Run phpinfo(). Is safe_mode 'On' or 'Off'? You would get this
result if, for instance, safe_mode was 'On' and whois was
in your safe_mode_exec_dir.
Torben
[2002-01-22 05:36:43] [EMAIL PROTECTED]
Did I mention, that I tried system(), too? It's just the desperate
attempt to get that thing to work.
In my opinion PHP doesn't allow to pass two or more words as one
parameter to a function.
Oliver.
[2002-01-22 05:32:01] [EMAIL PROTECTED]
Yes, I know the difference. That's why I tried several ways
(with/without quotation marks, with stripslashes($command),
with/without escaped spaces ('\ ') ), but it didn't work.
I asked several colleagues for advice (PHP and Linux-Freaks), but we
found no solution. But tell me: Does the script work on your system?
Maybe I have an error in my configuration
Greets,
Oliver.
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=15157
Edit this bug report at http://bugs.php.net/?id=15157edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15157 Updated: exec()/system() doesn't work with parameters in quotation-marks in system-call
ID: 15157
Comment by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Analyzed
Bug Type: Documentation problem
Operating System: Linux (Debian) / Solaris 8
PHP Version: 4.1.0
New Comment:
You got it! When I disable the safe_mode, the following works:
exec('whois -h whois.denic.de Dirk Janssen',$output);
The little c-prog returns now (safe-mode off) the right output.
But please tell me: Is it possible to execute a command like this
whois-call in safe-mode? I don't get it to work! And if not, whats the
solution?
Thanx for the support,
Oliver.
Previous Comments:
[2002-01-22 06:10:22] [EMAIL PROTECTED]
Hartmut, you should reread the bug report.
Oliver,
I'm reopening this and reclassifying it as a Documentation
Problem. When safe_mode is on, the arguments are passed
through a function which escapes potentially dangerous
characters--including the quote characters. However, this
behaviour does not appear to be documented anywhere.
When I enable safe_mode, I get the result you describe.
However, when I remove the quotes and use this:
exec('whois -h whois.denic.de Dirk Janssen', $output);
...I get the proper result on line 14:
[14] = % No entries found for the selected source: Dirk Janssen
I take it you don't get the right result from an authorized
server?
Torben
[2002-01-22 05:54:32] [EMAIL PROTECTED]
please compile this little C program 'argdump'
---8- argdump.c
#include stdio.h
#include stdlib.h
int main(int argc, char **argv) {
int i;
for(i=0;iargc;i++) printf(%d: %s\n,i,argv[i]);
return EXIT_SUCCESS;
}
8---
and try the following PHP script (with argdump in $PATH)
---8- test.php
?php
function do_exec($cmd) {
$res=array();
exec($cmd,$res);
echo \n\n$cmd\n;
print_r($res);
}
do_exec(argdump -h whois.denic.de Penelope\ Cruz);
do_exec(argdump -h whois.denic.de \Penelope\ Cruz\);
do_exec(argdump -h whois.denic.de \Penelope Cruz\);
do_exec(argdump -h whois.denic.de 'Penelope\ Cruz');
do_exec(argdump -h whois.denic.de .''.Penelope Cruz.'');
?
8---
my results are:
argdump -h whois.denic.de Penelope\ Cruz
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope Cruz
)
argdump -h whois.denic.de Penelope\ Cruz
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope\ Cruz
)
argdump -h whois.denic.de Penelope Cruz
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope Cruz
)
argdump -h whois.denic.de 'Penelope\ Cruz'
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope\ Cruz
)
argdump -h whois.denic.de Penelope Cruz
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope Cruz
)
on *both* linux (SuSE 7.3) and Solaris (SunOS 5.5.1 and 5.7)
[2002-01-22 05:45:28] [EMAIL PROTECTED]
I'm running safe-mode (of cause!) and have an symbolic link to
/usr/bin/whois in my safe-mode-exec-dir.
Oliver
[2002-01-22 05:42:03] [EMAIL PROTECTED]
Run phpinfo(). Is safe_mode 'On' or 'Off'? You would get this
result if, for instance, safe_mode was 'On' and whois was
in your safe_mode_exec_dir.
Torben
[2002-01-22 05:36:43] [EMAIL PROTECTED]
Did I mention, that I tried system(), too? It's just the desperate
attempt to get that thing to work.
In my opinion PHP doesn't allow to pass two or more words as one
parameter to a function.
Oliver.
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=15157
Edit this bug report at http://bugs.php.net/?id=15157edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15157 Updated: exec()/system() doesn't work with parameters in quotation-marks in system-call
ID: 15157
Comment by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Analyzed
Bug Type: Documentation problem
Operating System: Linux (Debian) / Solaris 8
PHP Version: 4.1.0
New Comment:
I forgot to mention, that in safe_mode the whois like Torben described
didn't work. argdump returns, that Dirk and Janssen are different
parameters.
No solution for safe-mode?
Oliver
Previous Comments:
[2002-01-22 06:24:59] [EMAIL PROTECTED]
You got it! When I disable the safe_mode, the following works:
exec('whois -h whois.denic.de Dirk Janssen',$output);
The little c-prog returns now (safe-mode off) the right output.
But please tell me: Is it possible to execute a command like this
whois-call in safe-mode? I don't get it to work! And if not, whats the
solution?
Thanx for the support,
Oliver.
[2002-01-22 06:10:22] [EMAIL PROTECTED]
Hartmut, you should reread the bug report.
Oliver,
I'm reopening this and reclassifying it as a Documentation
Problem. When safe_mode is on, the arguments are passed
through a function which escapes potentially dangerous
characters--including the quote characters. However, this
behaviour does not appear to be documented anywhere.
When I enable safe_mode, I get the result you describe.
However, when I remove the quotes and use this:
exec('whois -h whois.denic.de Dirk Janssen', $output);
...I get the proper result on line 14:
[14] = % No entries found for the selected source: Dirk Janssen
I take it you don't get the right result from an authorized
server?
Torben
[2002-01-22 05:54:32] [EMAIL PROTECTED]
please compile this little C program 'argdump'
---8- argdump.c
#include stdio.h
#include stdlib.h
int main(int argc, char **argv) {
int i;
for(i=0;iargc;i++) printf(%d: %s\n,i,argv[i]);
return EXIT_SUCCESS;
}
8---
and try the following PHP script (with argdump in $PATH)
---8- test.php
?php
function do_exec($cmd) {
$res=array();
exec($cmd,$res);
echo \n\n$cmd\n;
print_r($res);
}
do_exec(argdump -h whois.denic.de Penelope\ Cruz);
do_exec(argdump -h whois.denic.de \Penelope\ Cruz\);
do_exec(argdump -h whois.denic.de \Penelope Cruz\);
do_exec(argdump -h whois.denic.de 'Penelope\ Cruz');
do_exec(argdump -h whois.denic.de .''.Penelope Cruz.'');
?
8---
my results are:
argdump -h whois.denic.de Penelope\ Cruz
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope Cruz
)
argdump -h whois.denic.de Penelope\ Cruz
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope\ Cruz
)
argdump -h whois.denic.de Penelope Cruz
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope Cruz
)
argdump -h whois.denic.de 'Penelope\ Cruz'
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope\ Cruz
)
argdump -h whois.denic.de Penelope Cruz
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope Cruz
)
on *both* linux (SuSE 7.3) and Solaris (SunOS 5.5.1 and 5.7)
[2002-01-22 05:45:28] [EMAIL PROTECTED]
I'm running safe-mode (of cause!) and have an symbolic link to
/usr/bin/whois in my safe-mode-exec-dir.
Oliver
[2002-01-22 05:42:03] [EMAIL PROTECTED]
Run phpinfo(). Is safe_mode 'On' or 'Off'? You would get this
result if, for instance, safe_mode was 'On' and whois was
in your safe_mode_exec_dir.
Torben
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=15157
Edit this bug report at http://bugs.php.net/?id=15157edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #15157 Updated: exec()/system() doesn't work with parameters in quotation-marks in system-call
ID: 15157
Comment by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Analyzed
Bug Type: Documentation problem
Operating System: Linux (Debian) / Solaris 8
PHP Version: 4.1.0
New Comment:
We should better continue tomorrow... Good night!
Oliver.
Previous Comments:
[2002-01-22 06:35:27] [EMAIL PROTECTED]
None that I'm aware of at the moment, but I don't use
safe_mode much so that doesn't necessarily mean anything. :)
The other problem is that it's 3:33 in the morning here and
I'm just about unable to think straight. For the time being,
if you have access to the server configs, maybe you can just
turn off safe_mode for that host?
Good night,
Torben
[2002-01-22 06:30:28] [EMAIL PROTECTED]
I forgot to mention, that in safe_mode the whois like Torben described
didn't work. argdump returns, that Dirk and Janssen are different
parameters.
No solution for safe-mode?
Oliver
[2002-01-22 06:24:59] [EMAIL PROTECTED]
You got it! When I disable the safe_mode, the following works:
exec('whois -h whois.denic.de Dirk Janssen',$output);
The little c-prog returns now (safe-mode off) the right output.
But please tell me: Is it possible to execute a command like this
whois-call in safe-mode? I don't get it to work! And if not, whats the
solution?
Thanx for the support,
Oliver.
[2002-01-22 06:10:22] [EMAIL PROTECTED]
Hartmut, you should reread the bug report.
Oliver,
I'm reopening this and reclassifying it as a Documentation
Problem. When safe_mode is on, the arguments are passed
through a function which escapes potentially dangerous
characters--including the quote characters. However, this
behaviour does not appear to be documented anywhere.
When I enable safe_mode, I get the result you describe.
However, when I remove the quotes and use this:
exec('whois -h whois.denic.de Dirk Janssen', $output);
...I get the proper result on line 14:
[14] = % No entries found for the selected source: Dirk Janssen
I take it you don't get the right result from an authorized
server?
Torben
[2002-01-22 05:54:32] [EMAIL PROTECTED]
please compile this little C program 'argdump'
---8- argdump.c
#include stdio.h
#include stdlib.h
int main(int argc, char **argv) {
int i;
for(i=0;iargc;i++) printf(%d: %s\n,i,argv[i]);
return EXIT_SUCCESS;
}
8---
and try the following PHP script (with argdump in $PATH)
---8- test.php
?php
function do_exec($cmd) {
$res=array();
exec($cmd,$res);
echo \n\n$cmd\n;
print_r($res);
}
do_exec(argdump -h whois.denic.de Penelope\ Cruz);
do_exec(argdump -h whois.denic.de \Penelope\ Cruz\);
do_exec(argdump -h whois.denic.de \Penelope Cruz\);
do_exec(argdump -h whois.denic.de 'Penelope\ Cruz');
do_exec(argdump -h whois.denic.de .''.Penelope Cruz.'');
?
8---
my results are:
argdump -h whois.denic.de Penelope\ Cruz
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope Cruz
)
argdump -h whois.denic.de Penelope\ Cruz
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope\ Cruz
)
argdump -h whois.denic.de Penelope Cruz
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope Cruz
)
argdump -h whois.denic.de 'Penelope\ Cruz'
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope\ Cruz
)
argdump -h whois.denic.de Penelope Cruz
Array
(
[0] = 0: argdump
[1] = 1: -h
[2] = 2: whois.denic.de
[3] = 3: Penelope Cruz
)
on *both* linux (SuSE 7.3) and Solaris (SunOS 5.5.1 and 5.7)
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=15157
Edit this bug report at http://bugs.php.net/?id=15157edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
