ID:               31088
 Updated by:       [EMAIL PROTECTED]
 Reported By:      vdlaag at natlab dot research dot philips dot com
-Status:           Open
+Status:           Feedback
 Bug Type:         Program Execution
 Operating System: RedHat 9.0
 PHP Version:      5.0.2
 New Comment:

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
a URL to it here. Try to avoid embedding huge scripts into the report.

Please provide a reproduce code that we could run & replicate the
problem.


Previous Comments:
------------------------------------------------------------------------

[2004-12-14 14:32:47] vdlaag at natlab dot research dot philips dot com

Description:
------------
I have a command line tool that adds records to a database. This is the
only way for me to access this database. 

The command line tool works as follows:
  createRequest -p -i "value1" -l "value2" etc
Each option is followed by the value for the record.
The -p option is there so that the ID of the new inserted record is
returned to standard output.

At the command line this works fine. But as soon as a value contains a
& the exec function fails. When a value contains parentheses, they are
escaped (so that the escape characters are inserted in the database as
well).

The configure script for php:
'./configure' '--prefix=/usr/local/php5' '--enable-safe-mode'
'--with-apxs2=/usr/local/httpd/bin/apxs' '--with-gd'
'--with-mssql=/usr/local/freetds' '--with-pgsql=/usr/local/pgsql'
'--with-mysql=/usr/local/mysql' '--with-ldap=/usr/local/openldap'
'--with-png-dir=/usr/local/libpng' '--with-zlib-dir=/usr/local/zlib'
'--with-jpeg-dir=/usr/local/jpeg'
'--with-freetype-dir=/usr/local/freetype/include/freetype2/freetype'
'--with-curl=/usr/local/curl' '--with-mime-magic=/usr/share/magic.mime'
'--with-xslt-sablot=/usr/local/Sablot'
'--with-expat-dir=/usr/local/expat'
'--with-libxml-dir=/usr/local/libxml' '--with-pear' 

I added the folder that holds the createRequest tool to
safe_mode_exec_dir in php.ini.

Reproduce code:
---------------
//These options go OK
$Options['-i'] = "Add user to group X";
$Options['-l'] = "vdlaag";

//This option makes the exec command fail
$Options['-O'] = "IP&S";

//This option results in extra slashes 
// it yields: Great stuff \(is it not\)
$Options['-a'] = "Great stuff (is it not)";

$Exec = $_SERVER['DOCUMENT_ROOT'] . 
"/vdlaag/NewUserForm/IPS/createRequest -p";
foreach ($Options as $option => $value)
{
    $Exec .= " " . $option . " '" . $value . "'";
}
$HDTCase = exec($Exec);     



Expected result:
----------------
I expect to get a number back from the exec command. This happens OK if
there are no "weird" characters in any of the values (like &). 

Actual result:
--------------
It returns nothing and the rest of my script fails as a result.


------------------------------------------------------------------------
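
An added example, not part of the bug report and not PHP's own code: one way to build the same command line with escapeshellarg() instead of hand-written single quotes, so that a value containing &, parentheses or a single quote still reaches the tool as one argument, and an empty result is reported rather than passed on. The helper names, the install path and the sample values are assumptions; with safe mode enabled PHP additionally passes the command string through escapeshellcmd(), which this example does not change.

```php
<?php
// Hypothetical helpers; names, path and sample values are assumptions.
function build_request_command($binary, array $options)
{
    // $binary must be a fixed, trusted path, never request data.
    $parts = array($binary, '-p');
    foreach ($options as $flag => $value) {
        // Option names are fixed by the tool: accept only "-x" style flags.
        if (!preg_match('/^-[A-Za-z]$/', $flag)) {
            throw new InvalidArgumentException("unexpected option: $flag");
        }
        // On Unix, escapeshellarg() wraps the value in single quotes and
        // rewrites an embedded ' as '\'' so the shell sees exactly one word.
        $parts[] = $flag;
        $parts[] = escapeshellarg($value);
    }
    return implode(' ', $parts);
}

function run_request($command)
{
    $output = array();
    $status = 1;
    exec($command, $output, $status);
    // Fail loudly instead of handing an empty ID to the rest of the script.
    if ($status !== 0 || count($output) === 0) {
        throw new RuntimeException("createRequest failed, exit status $status");
    }
    return end($output); // last line printed by the tool (the new ID with -p)
}

// Constructed sample values; the last shows where manual quoting breaks.
$options = array(
    '-i' => "Add user to group X",
    '-O' => "IP&S",
    '-a' => "Great stuff (is it not)",
    '-l' => "O'Brien",
);

$binary  = '/opt/tools/createRequest'; // assumed install path
$command = build_request_command($binary, $options);
echo $command, "\n";

if (is_executable($binary)) {
    echo run_request($command), "\n";
}
```
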


-- 
Edit this bug report at http://bugs.php.net/?id=31088&edit=1
