authorRui Hirokawa <hirokawa@php.net>2011-10-23 13:49:54 +0000
committerRui Hirokawa <hirokawa@php.net>2011-10-23 13:49:54 +0000
commitf17a21549319c2ea882649ab1225b8b4f2133eec (patch)
tree7e85d97ab517a2a15bab5b95bd7a29dbf50ab3a5
parent71a94c2225b90c3f303de951eb29311910566f05 (diff)
downloadphp-git-f17a21549319c2ea882649ab1225b8b4f2133eec.tar.gz
fixed bug #60116 escapeshellcmd() cannot escape the dangerous quotes.
-rw-r--r--ext/standard/basic_functions.c1
-rw-r--r--ext/standard/exec.c49
-rw-r--r--ext/standard/exec.h4
3 files changed, 45 insertions, 9 deletions
diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c
index 568e719e03..fa80fd230d 100644
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@ -3614,6 +3614,7 @@ PHP_MINIT_FUNCTION(basic) /* {{{ */
#endif
register_phpinfo_constants(INIT_FUNC_ARGS_PASSTHRU);
+ register_exec_constants(INIT_FUNC_ARGS_PASSTHRU);
register_html_constants(INIT_FUNC_ARGS_PASSTHRU);
register_string_constants(INIT_FUNC_ARGS_PASSTHRU);
diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index ac96fe6815..ab3100dfbc 100644
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -50,6 +50,16 @@
#include <unistd.h>
#endif
+/* {{{ register_exec_constants
+ * */
+void register_exec_constants(INIT_FUNC_ARGS)
+{
+ REGISTER_LONG_CONSTANT("ESCAPE_CMD_PAIR", ESCAPE_CMD_PAIR, CONST_PERSISTENT|CONST_CS);
+ REGISTER_LONG_CONSTANT("ESCAPE_CMD_END", ESCAPE_CMD_END, CONST_PERSISTENT|CONST_CS);
+ REGISTER_LONG_CONSTANT("ESCAPE_CMD_ALL", ESCAPE_CMD_ALL, CONST_PERSISTENT|CONST_CS);
+}
+/* }}} */
+
/* {{{ php_exec
* If type==0, only last line of output is returned (exec)
* If type==1, all lines will be printed and last lined returned (system)
@@ -238,7 +248,7 @@ PHP_FUNCTION(passthru)
*NOT* safe for binary strings
*/
-PHPAPI char *php_escape_shell_cmd(char *str)
+PHPAPI char *php_escape_shell_cmd_ex(char *str, int flag)
{
register int x, y, l = strlen(str);
char *cmd;
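Review bot: The new `flag` parameter of php_escape_shell_cmd_ex() is undocumented: the visible tail of the comment above the signature (`*NOT* safe for binary strings`) still describes only the old single-argument function. The comment starts above this hunk and the function body continues below it, so this is judged from the visible lines only. I would add a line to that comment such as `flag selects quote handling: ESCAPE_CMD_PAIR leaves matched quote pairs alone, ESCAPE_CMD_END leaves only a quote at the first or last position alone, ESCAPE_CMD_ALL escapes every quote.` Callers choosing a mode for untrusted input need that contract spelled out next to the code.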
@@ -266,14 +276,26 @@ PHPAPI char *php_escape_shell_cmd(char *str)
#ifndef PHP_WIN32
case '"':
case '\'':
- if (!p && (p = memchr(str + x + 1, str[x], l - x - 1))) {
- /* noop */
- } else if (p && *p == str[x]) {
- p = NULL;
- } else {
+ if (flag == ESCAPE_CMD_ALL) {
cmd[y++] = '\\';
+ cmd[y++] = str[x];
+ } else if (flag == ESCAPE_CMD_END) {
+ if (x == 0 || x == l - 1) {
+ cmd[y++] = str[x];
+ } else {
+ cmd[y++] = '\\';
+ cmd[y++] = str[x];
+ }
+ } else { /* ESCAPE_CMD_PAIR */
+ if (!p && (p = memchr(str + x + 1, str[x], l - x - 1))) {
+ /* noop */
+ } else if (p && *p == str[x]) {
+ p = NULL;
+ } else {
+ cmd[y++] = '\\';
+ }
+ cmd[y++] = str[x];
}
- cmd[y++] = str[x];
break;
#else
/* % is Windows specific for enviromental variables, ^%PATH% will
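Review bot: In the ESCAPE_CMD_END branch, `if (x == 0 || x == l - 1)` passes a quote through unescaped whenever it sits at the first or last position, without checking that the other end holds the same quote character. An input that starts with a quote but does not end with one (or starts with `"` and ends with `'`) therefore comes out with an unbalanced quote. Tightening the test to `if (l > 1 && (x == 0 || x == l - 1) && str[0] == str[l - 1])` keeps the "whole string is quoted" case and escapes everything else. Separately, a backslash does not escape a quote inside a single-quoted shell word, so the `\'` emitted for interior single quotes in this mode deserves a test case. The switch and the enclosing function begin and end outside this hunk.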
@@ -327,6 +349,14 @@ PHPAPI char *php_escape_shell_cmd(char *str)
}
/* }}} */
+/* {{{ php_escape_shell_cmd
+ */
+PHPAPI char *php_escape_shell_cmd(char *str)
+{
+ return php_escape_shell_cmd_ex(str, ESCAPE_CMD_PAIR);
+}
+/* }}} */
+
/* {{{ php_escape_shell_arg
*/
PHPAPI char *php_escape_shell_arg(char *str)
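Review bot: The compatibility wrapper pins `ESCAPE_CMD_PAIR`, so every existing C caller of php_escape_shell_cmd() keeps the pair-matching behaviour that the commit title describes as unable to escape the dangerous quotes. The stricter modes are reachable only by callers that opt in. If that is deliberate for backward compatibility, the empty docblock should say so, e.g. `/* Backward-compatible entry point: always uses ESCAPE_CMD_PAIR; call php_escape_shell_cmd_ex() to select ESCAPE_CMD_END or ESCAPE_CMD_ALL. */`.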
@@ -397,14 +427,15 @@ PHP_FUNCTION(escapeshellcmd)
{
char *command;
int command_len;
+ long flag = ESCAPE_CMD_PAIR;
char *cmd = NULL;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &command, &command_len) == FAILURE) {
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|l", &command, &command_len, &flag) == FAILURE) {
return;
}
if (command_len) {
- cmd = php_escape_shell_cmd(command);
+ cmd = php_escape_shell_cmd_ex(command, flag);
RETVAL_STRING(cmd, 0);
} else {
RETVAL_EMPTY_STRING();
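Review bot: `flag` is parsed as a `long` and handed to the `int flag` parameter of php_escape_shell_cmd_ex() without a range check. Any value other than ESCAPE_CMD_ALL or ESCAPE_CMD_END falls into that function's final `else` branch, which is pair mode. A mistyped or out-of-range mode is therefore silently treated as the mode that leaves paired quotes unescaped. Failing closed before the call avoids that, e.g. `if (flag < ESCAPE_CMD_PAIR || flag > ESCAPE_CMD_ALL) { flag = ESCAPE_CMD_ALL; }`, or emit a warning and return. The function body continues past the end of this hunk.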
diff --git a/ext/standard/exec.h b/ext/standard/exec.h
index 394ac213ca..f6b1fa42e9 100644
--- a/ext/standard/exec.h
+++ b/ext/standard/exec.h
@@ -21,6 +21,10 @@
#ifndef EXEC_H
#define EXEC_H
+#define ESCAPE_CMD_PAIR 0
+#define ESCAPE_CMD_END 1
+#define ESCAPE_CMD_ALL 2
+
PHP_FUNCTION(system);
PHP_FUNCTION(exec);
PHP_FUNCTION(escapeshellcmd);
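Review bot: The header gains the three mode constants but no prototype for `php_escape_shell_cmd_ex()` or `register_exec_constants()`. The four added lines in this hunk account for the whole diffstat count for exec.h, so neither function appears to be declared here. basic_functions.c now calls register_exec_constants(), which would rely on an implicit declaration unless a prototype exists elsewhere, and other extensions cannot call the new PHPAPI function through this header. I would add `PHPAPI char *php_escape_shell_cmd_ex(char *str, int flag);` and `void register_exec_constants(INIT_FUNC_ARGS);` alongside the other declarations in this file.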