MFB: Bug #44650 escaepshellscmd() does not check arg count (port from 5.3)

diff --git a/NEWS b/NEWS
index 091d70f3035698fc9f579d5a7a0620d0dfde1e95..a4a3de59da040cb4360787a084b56dab025bd7b1 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,7 @@ PHP                                                                        NEWS
 ?? Apr 2008, PHP 5.2.6
 - Fixed bug #44667 (proc_open() does not handle pipes with the mode 'wb'
   correctly). (Jani)
+- Fixed bug #44650 (escaepshellscmd() does not check arg count). (Ilia)
 - Fixed bug #44591 (imagegif's filename parameter). (Felipe)
 - Fixed bug #32979 (OpenSSL stream->fd casts broken in 64-bit build)
   (stotty at tvnet dot hu)

diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index 2906f87d1d7dd01f979276fb4fcb4e8e36249133..6553c3b8ba4fad1fb5e8f9dbc54696d9efa9fec5 100644 (file)
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -400,18 +400,19 @@ char *php_escape_shell_arg(char *str) {
    Escape shell metacharacters */
 PHP_FUNCTION(escapeshellcmd)
 {
-       zval **arg1;
+       char *command;
+       int command_len;
        char *cmd = NULL;
 
-       if (zend_get_parameters_ex(1, &arg1) == FAILURE) {
-               WRONG_PARAM_COUNT;
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &command, &command_len) == FAILURE) {
+               return;
        }
-       
-       convert_to_string_ex(arg1);
-       if (Z_STRLEN_PP(arg1)) {
-               cmd = php_escape_shell_cmd(Z_STRVAL_PP(arg1));
-               RETVAL_STRING(cmd, 1);
-               efree(cmd);
+
+       if (command_len) {
+               cmd = php_escape_shell_cmd(command);
+               RETVAL_STRING(cmd, 0);
+       } else {
+               RETVAL_EMPTY_STRING();
        }
 }
 /* }}} */