From: Ilia Alshanetsky
Date: Tue, 8 Apr 2008 17:17:07 +0000 (+0000)
Subject: MFB: Bug #44650 escaepshellscmd() does not check arg count (port from 5.3)
X-Git-Tag: php-5.2.6RC5~9
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=edf54b5468b38bd34c2801f0c2657af62435ff00;p=php
MFB: Bug #44650 escaepshellscmd() does not check arg count (port from 5.3)
---
diff --git a/NEWS b/NEWS
index 091d70f303..a4a3de59da 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,7 @@ PHP NEWS
 ?? Apr 2008, PHP 5.2.6
 - Fixed bug #44667 (proc_open() does not handle pipes with the mode 'wb' correctly). (Jani)
+- Fixed bug #44650 (escaepshellscmd() does not check arg count). (Ilia)
 - Fixed bug #44591 (imagegif's filename parameter). (Felipe)
 - Fixed bug #32979 (OpenSSL stream->fd casts broken in 64-bit build) (stotty at tvnet dot hu)
diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index 2906f87d1d..6553c3b8ba 100644
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -400,18 +400,19 @@ char *php_escape_shell_arg(char *str) {
 Escape shell metacharacters */
 PHP_FUNCTION(escapeshellcmd)
 {
- zval **arg1;
+ char *command;
+ int command_len;
 char *cmd = NULL;
- if (zend_get_parameters_ex(1, &arg1) == FAILURE) {
- WRONG_PARAM_COUNT;
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &command, &command_len) == FAILURE) {
+ return;
 }
-
- convert_to_string_ex(arg1);
- if (Z_STRLEN_PP(arg1)) {
- cmd = php_escape_shell_cmd(Z_STRVAL_PP(arg1));
- RETVAL_STRING(cmd, 1);
- efree(cmd);
+
+ if (command_len) {
+ cmd = php_escape_shell_cmd(command);
+ RETVAL_STRING(cmd, 0);
+ } else {
+ RETVAL_EMPTY_STRING();
 }
 }
 /* }}} */
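Review bot: In the new `escapeshellcmd` body, `command_len` is used only as an emptiness test and `php_escape_shell_cmd(command)` receives no length, so the callee can only find the end of the input by its NUL terminator (its body is outside this hunk, so this is inferred from the call). A binary-safe PHP string with an embedded NUL byte would then be escaped and returned only up to that byte, and the caller gets no signal that the tail was dropped. Since this function exists to sanitise untrusted input before it reaches a shell, I would reject such input explicitly right after parameter parsing: `if (strlen(command) != (size_t)command_len) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input string contains NULL bytes"); return; }`. A short comment on `RETVAL_STRING(cmd, 0)` noting that the return value takes ownership of the buffer returned by `php_escape_shell_cmd` (which is why the old `efree(cmd)` is gone) would also help the next reader.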