ID: 44650
Updated by: [EMAIL PROTECTED]
Reported By: wharmby at uk dot ibm dot com
-Status: Open
+Status: Assigned
Bug Type: Scripting Engine problem
Operating System: Windows XP
PHP Version: 5.2.6RC4
-Assigned To:
+Assigned To: iliaa
New Comment:
Will be fixed post 5.2.6
Previous Comments:
------------------------------------------------------------------------
[2008-04-06 08:40:52] wharmby at uk dot ibm dot com
Description:
------------
Calling escapeshellcmd() with more than 1 argument does not result in
expected warning msg; any spurious arguments are just ignored.
Suggest changing code to:
PHP_FUNCTION(escapeshellcmd)
{
zval **arg1;
char *cmd = NULL;
if (ZEND_NUM_ARGS()!=1 || zend_get_parameters_ex(1, &arg1) ==
FAILURE)
{
WRONG_PARAM_COUNT;
}
convert_to_string_ex(arg1);
if (Z_STRLEN_PP(arg1)) {
cmd = php_escape_shell_cmd(Z_STRVAL_PP(arg1));
RETVAL_STRING(cmd, 1);
efree(cmd);
}
}
or better still the following based on the code now in PHP 6 :
PHP_FUNCTION(escapeshellcmd)
{
char *command
int command_len;
char *cmd = NULL;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &command,
&command_len) == FAILURE) {
return;
}
if (command_len) {
cmd = php_escape_shell_cmd(command);
RETVAL_STRING(cmd, 0);
} else {
RETVAL_EMPTY_STRING();
}
}
Reproduce code:
---------------
<?php
$command= "Mr O'Neil";
$extra_arg = 10;
var_dump( escapeshellcmd($command, $extra_arg) );
?>
Expected result:
----------------
A warning msg. With suggested fix the following output will result:
Warning: escapeshellcmd() expects exactly 1 parameter, 2 given in
<...> on line nn
NULL
Actual result:
--------------
Actual Output:
-------------------
string(9) "Mr O Neil"
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=44650&edit=1
