On Fri, Jul 06, 2007 at 01:29:31 +0300, Tzachi Tager wrote:
> Hi,
> I was looking at Bug #40928 - escapeshellarg() does not quote percent
> (%) correctly for cmd.exe.
> This bug seems to be because escapeshellarg() in Windows replaces '%'
> and '"' with spaces, while assuming there isn't a real escaping method
> for command line in Windows. Therefore I'm guessing no one really use
> escapeshellarg() or escapeshellcmd() on Windows. And in order to change
> this I suggest to use the command line escaping that does exists
> (although looking a bit ugly), as you can see for example here:
> http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs
> /en-us/ntcmds_shelloverview.mspx?mfr=true , quoting: "You can use most
> characters as variable values, including white space. If you use the
> special characters <, >, |, &, or ^, you must precede them with the
> escape character (^) or quotation marks." - So all special characters
> will be replaced with "^<char>".
> So this is the diff file that I suggest to use- it for sure fix the
> above bug and may improve windows escapeshellcmd():
Hi, I'm the guy who reported the bug originally.
When I read your post now, I just realized that maybe there should be a
different set of escaping functions for win32 ("escapewin32arg" or
"escapecmdarg"?), so that the behaviour of escapeshellarg() does not change
across platforms. (What if you want to dynamically generate a downloadable
unix shell script, for example.)
Your patch was a bit difficult to read (too little context and not in
unidiff format), so I'll leave the commenting for those more familiar
with the C source.
Thanks for working on the problem, anyway!
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
