Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:30468 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 90930 invoked by uid 1010); 5 Jul 2007 22:26:49 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 90902 invoked from network); 5 Jul 2007 22:26:49 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 5 Jul 2007 22:26:49 -0000 Authentication-Results: pb1.pair.com smtp.mail=tzachi@zend.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=tzachi@zend.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain zend.com designates 212.25.124.162 as permitted sender) X-PHP-List-Original-Sender: tzachi@zend.com X-Host-Fingerprint: 212.25.124.162 mail.zend.com Windows 2000 SP4, XP SP1 Received: from [212.25.124.162] ([212.25.124.162:58524] helo=mx1.zend.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id E6/B0-15236-5207D864 for ; Thu, 05 Jul 2007 18:26:47 -0400 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Date: Fri, 6 Jul 2007 01:29:31 +0300 Message-ID: <06B0D32C7A96544490D18AF653D6BDE501075DCE@il-ex1.zend.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Suggestion for fixing Bug #40928 Thread-Index: Ace/U/UUDiA6+hNPQP2blZSgzn4Nsg== To: Subject: Suggestion for fixing Bug #40928 From: tzachi@zend.com ("Tzachi Tager") Hi, I was looking at Bug #40928 - escapeshellarg() does not quote percent (%) correctly for cmd.exe. This bug seems to be because escapeshellarg() in Windows replaces '%' and '"' with spaces, while assuming there isn't a real escaping method for command line in Windows. Therefore I'm guessing no one really use escapeshellarg() or escapeshellcmd() on Windows. And in order to change this I suggest to use the command line escaping that does exists (although looking a bit ugly), as you can see for example here: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs /en-us/ntcmds_shelloverview.mspx?mfr=3Dtrue , quoting: "You can use most characters as variable values, including white space. If you use the special characters <, >, |, &, or ^, you must precede them with the escape character (^) or quotation marks." - So all special characters will be replaced with "^". So this is the diff file that I suggest to use- it for sure fix the above bug and may improve windows escapeshellcmd(): cvs diff -- exec.c (in directory C:\php-src\ext\standard\) Index: exec.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /repository/php-src/ext/standard/exec.c,v retrieving revision 1.113.2.3.2.1 diff -r1.113.2.3.2.1 exec.c 275d274 < case '\'': 276a276,277 > case '\'': > #endif 281a283 > #ifndef PHP_WIN32 282a285,289 > #else > cmd[y++] =3D '"'; > cmd[y++] =3D '^'; > cmd[y++] =3D str[x]; > #endif =09 286,287d292 < #endif < case '#': /* This is character-set independent */ 289,290d293 < case ';': < case '`': 292,294d294 < case '*': < case '?': < case '~': 299a300,313 > #ifdef PHP_WIN32 > case '%': > cmd[y++] =3D '"'; > cmd[y++] =3D '^'; > cmd[y++] =3D str[x]; > cmd[y++] =3D '"'; =09 > break; > #endif > case '#': /* This is character-set independent */ > case ';': > case '`':=20 > case '*': > case '?': > case '~':=09 305d318 < case '\\': 309,310c322 < /* since Windows does not allow us to escape these chars, just remove them */ < case '%': --- > /* since Windows does not allow us to escape these chars, just remove them */ 313a326 > case '\\': 347d359 < case '%': Comments will be greatly appreciated. All the best, Tzachi Tager.