Add EscapeShellArg() function which turns a b into 'a b' and

a'b into 'a'\''b'
@Add EscapeShellArg() function (Rasmus)

diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c
index 4a0ae534e3766d081dfa24bd1ba9ba5cc7ebbcbe..859f15a55c4d48a19be1f7332733ce3af22de588 100644 (file)
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@ -212,6 +212,7 @@ function_entry basic_functions[] = {
        PHP_FE(exec,                                                                    second_and_third_args_force_ref)
        PHP_FE(system,                                                                  second_arg_force_ref)
        PHP_FE(escapeshellcmd,                                                  NULL)
+       PHP_FE(escapeshellarg,                                                  NULL)
        PHP_FE(passthru,                                                                second_arg_force_ref)
        PHP_FE(shell_exec,                                                              NULL)
 

diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index 9884f68656d98ec64174aee20776fb11ac1a92e3..088f856d187dbab0e734c1e122c71ad08afbe7cc 100644 (file)
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -314,7 +314,7 @@ char * php_escape_shell_cmd(char *str) {
        cmd = emalloc(2 * l + 1);
        strcpy(cmd, str);
        for (x = 0; cmd[x]; x++) {
-               if (php_get_index("&;`'\"|*?~<>^()[]{}$\\\x0A\xFF", cmd[x]) != -1) {
+               if (php_get_index("#&;`'\"|*?~<>^()[]{}$\\\x0A\xFF", cmd[x]) != -1) {
                        for (y = l + 1; y > x; y--)
                                cmd[y] = cmd[y - 1];
                        l++;                            /* length has been increased */
@@ -325,6 +325,32 @@ char * php_escape_shell_cmd(char *str) {
        return cmd;
 }
 
+char * php_escape_shell_arg(char *str) {
+       register int x, y, l;
+       char *cmd;
+
+       l = strlen(str);
+       cmd = emalloc(4 * l + 3);
+       cmd[0] = '\'';
+       strcpy(cmd+1, str);
+       l++;
+
+       for (x = 1; cmd[x]; x++) {
+               if (cmd[x] == '\'') {
+                       for (y = l + 3; y > x+1; y--) {
+                               cmd[y] = cmd[y - 3];
+                       }
+                       cmd[++x] = '\\';
+                       cmd[++x] = '\'';
+                       cmd[++x] = '\'';
+                       l+=3;                           /* length was increased by 3 */
+               }
+       }
+       cmd[l++] = '\'';
+       cmd[l] = '\0';
+       return cmd;
+}
+
 /* {{{ proto string escapeshellcmd(string command)
    Escape shell metacharacters */
 PHP_FUNCTION(escapeshellcmd)
@@ -345,6 +371,26 @@ PHP_FUNCTION(escapeshellcmd)
 }
 /* }}} */
 
+/* {{{ proto string escapeshellarg(string arg)
+   Quote and escape an argument for use in a shell command */
+PHP_FUNCTION(escapeshellarg)
+{
+       pval **arg1;
+       char *cmd = NULL;
+
+       if (zend_get_parameters_ex(1, &arg1) == FAILURE) {
+               WRONG_PARAM_COUNT;
+       }
+       
+       convert_to_string_ex(arg1);
+       if ((*arg1)->value.str.len) {
+               cmd = php_escape_shell_arg((*arg1)->value.str.val);
+               RETVAL_STRING(cmd, 1);
+               efree(cmd);
+       }
+}
+/* }}} */
+
 /* {{{ proto string shell_exec(string cmd)
    Use pclose() for FILE* that has been opened via popen() */
 PHP_FUNCTION(shell_exec)

diff --git a/ext/standard/exec.h b/ext/standard/exec.h
index d96a4d81ce5da773b9d9724d202c7dfd1533ba77..dff1df810086e88ed04edeca865ad1bbeeb2a31a 100644 (file)
--- a/ext/standard/exec.h
+++ b/ext/standard/exec.h
@@ -24,6 +24,7 @@
 PHP_FUNCTION(system);
 PHP_FUNCTION(exec);
 PHP_FUNCTION(escapeshellcmd);
+PHP_FUNCTION(escapeshellarg);
 PHP_FUNCTION(passthru);
 PHP_FUNCTION(shell_exec);