From: heromantor at users dot sourceforge dot net
Operating system: windows xp sp2
PHP version: 5.2.10
PHP Bug Type: CGI related
Bug description: escapeshellarg dosn`t work on windows
Description:
------------
escapeshellarg function dosn`t work properly on windows platform. Problem
in " \ and % chars handling.
this patch fix this problem
--- exec.c Wed Sep 2 22:41:27 2009
+++ exec_fixed.c Wed Sep 2 22:40:50 2009
@@ -352,6 +352,11 @@
cmd = safe_emalloc(4, l, 3); /* worst case */
#ifdef PHP_WIN32
+# define PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES() \
+ for(j = y - 1; j > 0 && cmd[j] == '\\'; --j) { \
+ cmd[y++] = '\\'; \
+ }
+
cmd[y++] = '"';
#else
cmd[y++] = '\'';
@@ -372,10 +377,16 @@
switch (str[x]) {
#ifdef PHP_WIN32
- case '"':
- case '%':
- cmd[y++] = ' ';
- break;
+ case '%':
+ PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES()
+ cmd[y++] = '"';
+ cmd[y++] = '%';
+ cmd[y++] = '"';
+ break;
+ case '"':
+ PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES()
+ cmd[y++] = '"';
+ /* fall-through */
#else
case '\'':
cmd[y++] = '\'';
@@ -388,6 +399,9 @@
}
}
#ifdef PHP_WIN32
+ PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES()
+# undef PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES
+
cmd[y++] = '"';
#else
cmd[y++] = '\'';
and some test cases
P A T H => "P A T H"
%PATH% => ""%"PATH"%""
a%PATH%b => "a"%"PATH"%"b"
%%PATH%% => ""%""%"PATH"%""%""
"PATH" => """PATH"""
"%PATH%" => """"%"PATH"%""""
\P\A\T\H => "\P\A\T\H"
\P\A\T\H\ => "\P\A\T\H\\"
\%\%\ => "\\"%"\\"%"\\"
a\\%b\\c%\\ => "a\\\\"%"b\\c"%"\\\\"
"a\" => """a\\"""
a\" => "a\\"""
a\"^|^&^(^) => "a\\""^|^&^(^)"
PATH\%\ => "PATH\\"%"\\"
Reproduce code:
---------------
<?php
print_r(escapeshellarg("%PATH%") . PHP_EOL);
print_r(escapeshellarg("c:\\temp\\") . PHP_EOL);
print_r(escapeshellarg('\\"') . PHP_EOL);
Expected result:
----------------
""%"PATH"%""
"c:\temp\\"
"\\"""
Actual result:
--------------
" PATH "
"c:\temp\"
"\ "
--
Edit bug report at http://bugs.php.net/?id=49446&edit=1
--
Try a snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=49446&r=trysnapshot52
Try a snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=49446&r=trysnapshot53
Try a snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=49446&r=trysnapshot60
Fixed in SVN:
http://bugs.php.net/fix.php?id=49446&r=fixed
Fixed in SVN and need be documented:
http://bugs.php.net/fix.php?id=49446&r=needdocs
Fixed in release:
http://bugs.php.net/fix.php?id=49446&r=alreadyfixed
Need backtrace:
http://bugs.php.net/fix.php?id=49446&r=needtrace
Need Reproduce Script:
http://bugs.php.net/fix.php?id=49446&r=needscript
Try newer version:
http://bugs.php.net/fix.php?id=49446&r=oldversion
Not developer issue:
http://bugs.php.net/fix.php?id=49446&r=support
Expected behavior:
http://bugs.php.net/fix.php?id=49446&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=49446&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=49446&r=submittedtwice
register_globals:
http://bugs.php.net/fix.php?id=49446&r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=49446&r=php4
Daylight Savings: http://bugs.php.net/fix.php?id=49446&r=dst
IIS Stability:
http://bugs.php.net/fix.php?id=49446&r=isapi
Install GNU Sed:
http://bugs.php.net/fix.php?id=49446&r=gnused
Floating point limitations:
http://bugs.php.net/fix.php?id=49446&r=float
No Zend Extensions:
http://bugs.php.net/fix.php?id=49446&r=nozend
MySQL Configuration Error:
http://bugs.php.net/fix.php?id=49446&r=mysqlcfg
