From 7c70a8f8c203d0cab6436d59cdd35325be5f686e Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky
Date: Tue, 5 Aug 2003 20:16:47 +0000
Subject: [PATCH] MFH: Fixed bug #18291 (escapeshellcmd() can now handle quoted arguments)
---
 NEWS | 1 +
 ext/standard/exec.c | 14 ++++++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index 1aa1de21fa..b4ddad7084 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,7 @@ PHP 4 NEWS
 - Fixed bug #22072 (Apache2 sapis do not detect aborted connections). (Ilia)
 - Fixed bug #21611 (version_compare() does not support "p" as suffix). (Stefan Walk)
+- Fixed bug #18291 (escapeshellcmd() can now handle quoted arguments). (Ilia)
 - Fixed bug #17414 (pthreads bug workaround). (timo.teras[at]iki.fi)
 30 Jul 2003, Version 4.3.3RC2
diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index 4c573c6032..80e247e11b 100644
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -401,18 +401,28 @@ PHP_FUNCTION(passthru)
 char *php_escape_shell_cmd(char *str) {
 register int x, y, l;
 char *cmd;
+ char *p = NULL;
 l = strlen(str);
 cmd = emalloc(2 * l + 1);
 for (x = 0, y = 0; x < l; x++) {
 switch (str[x]) {
+ case '"':
+ case '\'':
+ if (!p && (p = memchr(str + x + 1, str[x], l - x - 1))) {
+ /* noop */
+ } else if (p && *p == str[x]) {
+ p = NULL;
+ } else {
+ cmd[y++] = '\\';
+ }
+ cmd[y++] = str[x];
+ break;
 case '#': /* This is character-set independent */
 case '&':
 case ';':
 case '`':
- case '\'':
- case '"':
 case '|':
 case '*':
 case '?':
-- 
2.50.1
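Review bot: In the new `case '"':` / `case '\'':` branch of php_escape_shell_cmd(), a quote that has a later partner is copied out unescaped, so whether a span of the command is quoted is now decided by the input itself and the function can no longer be relied on to neutralise quote characters in untrusted data. The pairing also does not follow shell quoting rules: `p` only remembers the next matching quote, and the cases below it still insert `\` before `;`, `&`, `|` and the others inside the quoted span, where a POSIX shell keeps that backslash as a literal character within single quotes, so a quoted argument reaches the program altered. I would state the contract next to the branch, e.g. `/* Paired quotes pass through unescaped; this does not make untrusted arguments safe - quote each one with escapeshellarg(). */`. The switch and the rest of the function continue past the end of the hunk, so how the remaining cases behave inside a quoted span cannot be checked from here.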