From 48e10ec9c4cff1e7a34393690801fe8d6cc28408 Mon Sep 17 00:00:00 2001
From: "Thies C. Arntzen" <thies@php.net>
Date: Thu, 6 Jan 2000 15:27:03 +0000
Subject: [PATCH] =?utf8?q?@-=20Applied=20safe-mode=20patch=20to=20popen().?=
 =?utf8?q?=20(Patch=20by=20Kristian=20K=C3=B6hntopp)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

---
 ext/standard/file.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/ext/standard/file.c b/ext/standard/file.c
index 883a5daad8..f40a80caef 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -26,6 +26,7 @@
 #include "php.h"
 #include "php_globals.h"
 #include "ext/standard/flock_compat.h"
+#include "ext/standard/exec.h"
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -712,7 +713,7 @@ PHP_FUNCTION(popen)
 {
 	pval **arg1, **arg2;
 	FILE *fp;
-	char *p;
+	char *p,*tmp = NULL;
 	char *b, buf[1024];
 	PLS_FETCH();
 	
@@ -741,7 +742,11 @@ PHP_FUNCTION(popen)
 		} else {
 			snprintf(buf,sizeof(buf),"%s/%s",PG(safe_mode_exec_dir),(*arg1)->value.str.val);
 		}
-		fp = popen(buf,p);
+
+		tmp = php_escape_shell_cmd(buf);
+		fp = popen(tmp,p);
+		efree(tmp);
+
 		if (!fp) {
 			php_error(E_WARNING,"popen(\"%s\",\"%s\") - %s",buf,p,strerror(errno));
 			RETURN_FALSE;
-- 
2.40.0