Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:30483 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 29301 invoked by uid 1010); 6 Jul 2007 06:45:31 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 29285 invoked from network); 6 Jul 2007 06:45:31 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 6 Jul 2007 06:45:31 -0000 Authentication-Results: pb1.pair.com smtp.mail=frode@CoreTrek.no; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=frode@CoreTrek.no; sender-id=unknown Received-SPF: error (pb1.pair.com: domain CoreTrek.no from 80.239.119.81 cause and error) X-PHP-List-Original-Sender: frode@CoreTrek.no X-Host-Fingerprint: 80.239.119.81 ragnaros.coretrek.no Received: from [80.239.119.81] ([80.239.119.81:63645] helo=ragnaros.coretrek.no) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id B3/B2-05511-BF4ED864 for ; Fri, 06 Jul 2007 02:45:20 -0400 Received: from localhost (localhost [127.0.0.1]) by ragnaros.coretrek.no (Postfix) with ESMTP id 11579198478; Fri, 6 Jul 2007 08:48:27 +0200 (CEST) X-Virus-Scanned: amavisd-new at ragnaros.coretrek.no Received: from ragnaros.coretrek.no ([127.0.0.1]) by localhost (ragnaros.coretrek.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xKWhDAYpNQAw; Fri, 6 Jul 2007 08:48:23 +0200 (CEST) Received: from enterprise.intra.coretrek.com (phobos.coretrek.no [80.239.119.10]) by ragnaros.coretrek.no (Postfix) with ESMTP id 8FA7F198437; Fri, 6 Jul 2007 08:48:23 +0200 (CEST) Received: from fearless.intra.coretrek.com (enterprise.intra.coretrek.com [10.0.0.2]) by enterprise.intra.coretrek.com (8.13.1/8.11.0) with ESMTP id l666j004034294; Fri, 6 Jul 2007 08:45:00 +0200 (CEST) (envelope-from frode@CoreTrek.no) Received: by fearless.intra.coretrek.com (Postfix, from userid 1001) id D91A142C145; Fri, 6 Jul 2007 08:42:19 +0200 (CEST) Date: Fri, 6 Jul 2007 08:42:19 +0200 To: Tzachi Tager Cc: internals@lists.php.net Message-ID: <20070706064219.GA4515@fearless.intra.coretrek.com> References: <06B0D32C7A96544490D18AF653D6BDE501075DCE@il-ex1.zend.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <06B0D32C7A96544490D18AF653D6BDE501075DCE@il-ex1.zend.net> X-Operating-System: Debian GNU/Linux Unstable (sid) i386 X-PGP-Key: http://corehacker.com/~frode/gpg/ X-PGP-Key-FingerPrint: DA78 4CFF E1E5 068A 9B33 11F4 5DFE 74D0 3907 BED0 User-Agent: Mutt/1.5.16 (2007-06-11) Subject: Re: [PHP-DEV] Suggestion for fixing Bug #40928 From: frode@CoreTrek.no ("Frode E. Moe") On Fri, Jul 06, 2007 at 01:29:31 +0300, Tzachi Tager wrote: > Hi, > I was looking at Bug #40928 - escapeshellarg() does not quote percent > (%) correctly for cmd.exe. > This bug seems to be because escapeshellarg() in Windows replaces '%' > and '"' with spaces, while assuming there isn't a real escaping method > for command line in Windows. Therefore I'm guessing no one really use > escapeshellarg() or escapeshellcmd() on Windows. And in order to change > this I suggest to use the command line escaping that does exists > (although looking a bit ugly), as you can see for example here: > http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs > /en-us/ntcmds_shelloverview.mspx?mfr=true , quoting: "You can use most > characters as variable values, including white space. If you use the > special characters <, >, |, &, or ^, you must precede them with the > escape character (^) or quotation marks." - So all special characters > will be replaced with "^". > So this is the diff file that I suggest to use- it for sure fix the > above bug and may improve windows escapeshellcmd(): Hi, I'm the guy who reported the bug originally. When I read your post now, I just realized that maybe there should be a different set of escaping functions for win32 ("escapewin32arg" or "escapecmdarg"?), so that the behaviour of escapeshellarg() does not change across platforms. (What if you want to dynamically generate a downloadable unix shell script, for example.) Your patch was a bit difficult to read (too little context and not in unidiff format), so I'll leave the commenting for those more familiar with the C source. Thanks for working on the problem, anyway!