 ID:               31088
 Updated by:       [EMAIL PROTECTED]
 Reported By:      vdlaag at natlab dot research dot philips dot com
-Status:           Open
+Status:           Feedback
 Bug Type:         Program Execution
 Operating System: RedHat 9.0
 PHP Version:      5.0.2
 New Comment:

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves.

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external
resources such as databases, etc.

If possible, make the script source available online and provide
a URL to it here. Try to avoid embedding huge scripts into the report.

Please provide a reproduce code that we could run & replicate the
problem.


Previous Comments:
------------------------------------------------------------------------

[2004-12-14 14:32:47] vdlaag at natlab dot research dot philips dot com

Description:
------------
I have a command line tool that adds records to a database. This is the
only way for me to access this database. The command line tool works as
follows:

createRequest -p -i "value1" -l "value2" etc

Each option is followed by the value for the record. The -p option is
there so that the ID of the new inserted record is returned to standard
output. At the command line this works fine. But as soon as a value
contains a & the exec function fails. When a value contains
parentheses, they are escaped (so that the escape characters are
inserted in the database as well).

The configure script for php:

'./configure' '--prefix=/usr/local/php5' '--enable-safe-mode' '--with-apxs2=/usr/local/httpd/bin/apxs' '--with-gd' '--with-mssql=/usr/local/freetds' '--with-pgsql=/usr/local/pgsql' '--with-mysql=/usr/local/mysql' '--with-ldap=/usr/local/openldap' '--with-png-dir=/usr/local/libpng' '--with-zlib-dir=/usr/local/zlib' '--with-jpeg-dir=/usr/local/jpeg' '--with-freetype-dir=/usr/local/freetype/include/freetype2/freetype' '--with-curl=/usr/local/curl' '--with-mime-magic=/usr/share/magic.mime' '--with-xslt-sablot=/usr/local/Sablot' '--with-expat-dir=/usr/local/expat' '--with-libxml-dir=/usr/local/libxml' '--with-pear'

I added the folder that holds the createRequest tool to
safe_mode_exec_dir in php.ini

Reproduce code:
---------------
//These options go OK
$Options['-i'] = "Add user to group X";
$Options['-l'] = "vdlaag";

//This option makes the exec command fail
$Options['-O'] = "IP&S";

//This option results in extra slashes
// it yields: Great stuff \(is it not\)
$Options['-a'] = "Great stuff (is it not)";

$Exec = $_SERVER['DOCUMENT_ROOT'] . "/vdlaag/NewUserForm/IPS/createRequest -p";
foreach ($Options as $option => $value) {
    $Exec .= " " . $option . " '" . $value . "'";
}
$HDTCase = exec($Exec);

Expected result:
----------------
I expect to get a number back from the exec command. This happens OK if
there are no "weird" characters in any of the values (like &).

Actual result:
--------------
It returns nothing and the rest of my script fails as a result.

------------------------------------------------------------------------
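
The PHP manual states that with safe mode enabled exec() escapes the command string with escapeshellcmd(). The following is an added example, not code from the report or from PHP itself, showing what a POSIX shell then hands to a program for the report's values; printf stands in for createRequest and received_by_tool() is a hypothetical helper.

```php
<?php
// Added example, not code from the bug report. Assumes a POSIX /bin/sh and
// that safe-mode exec() applies escapeshellcmd(), as the PHP manual states.

// Values taken from the report's reproduce code.
$options = [
    '-i' => 'Add user to group X',
    '-O' => 'IP&S',
    '-a' => 'Great stuff (is it not)',
];

// Hypothetical helper: return the single argument the shell passes on for
// this already-quoted fragment. printf stands in for createRequest.
function received_by_tool(string $fragment): string
{
    $out = [];
    exec("printf '%s\\n' " . $fragment, $out);
    return implode("\n", $out);
}

foreach ($options as $option => $value) {
    // Hand quoting as in the report, then the pass safe mode adds on top.
    // escapeshellcmd() backslash-escapes & ( ) even inside paired quotes,
    // and the shell keeps a backslash inside single quotes literally.
    $handQuoted = "'" . $value . "'";
    $safeMode   = escapeshellcmd($handQuoted);

    // Quoting done once by escapeshellarg(), with no second escaping pass.
    $argQuoted  = escapeshellarg($value);

    printf(
        "%s\n  after escapeshellcmd: %s\n  escapeshellarg only : %s\n",
        $option,
        received_by_tool($safeMode),
        received_by_tool($argQuoted)
    );
}
```

Under safe mode the escapeshellcmd() pass is also applied to escapeshellarg() output, so the second column shows the value only when that pass is absent.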