Fixed bug #18291 (escapeshellcmd() can now handle quoted arguments).

author Ilia Alshanetsky <iliaa@php.net>

Tue, 5 Aug 2003 20:15:53 +0000 (20:15 +0000)

committer Ilia Alshanetsky <iliaa@php.net>

Tue, 5 Aug 2003 20:15:53 +0000 (20:15 +0000)
author Ilia Alshanetsky <iliaa@php.net>
Tue, 5 Aug 2003 20:15:53 +0000 (20:15 +0000)
committer Ilia Alshanetsky <iliaa@php.net>
Tue, 5 Aug 2003 20:15:53 +0000 (20:15 +0000)
diff --git a/ext/standard/exec.c b/ext/standard/exec.c

index 768b0d364c4d1d45680e233abaa5c5711b2aa018..14f02d65f329860d25b3038b8cfc8d1f189be17a 100644 (file)
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -260,18 +260,28 @@ PHP_FUNCTION(passthru)
  char *php_escape_shell_cmd(char *str) {
         register int x, y, l;
         char *cmd;
+       char *p = NULL;
  
         l = strlen(str);
         cmd = emalloc(2 * l + 1);
         
         for (x = 0, y = 0; x < l; x++) {
                 switch (str[x]) {
+                       case '"':
+                       case '\'':
+                               if (!p && (p = memchr(str + x + 1, str[x], l - x - 1))) {
+                                       /* noop */
+                               } else if (p && *p == str[x]) {
+                                       p = NULL;
+                               } else {
+                                       cmd[y++] = '\\';
+                               }
+                               cmd[y++] = str[x];
+                               break;
                         case '#': /* This is character-set independent */
                         case '&':
                         case ';':
                         case '`':
-                       case '\'':
-                       case '"':
                         case '|':
                         case '*':
                         case '?':
author	Ilia Alshanetsky <iliaa@php.net>
	Tue, 5 Aug 2003 20:15:53 +0000 (20:15 +0000)
committer	Ilia Alshanetsky <iliaa@php.net>
	Tue, 5 Aug 2003 20:15:53 +0000 (20:15 +0000)