ID: 44650 Updated by: [EMAIL PROTECTED] Reported By: wharmby at uk dot ibm dot com -Status: Assigned +Status: Closed Bug Type: Scripting Engine problem Operating System: Windows XP PHP Version: 5.2.6RC4 Assigned To: iliaa New Comment:
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2008-04-06 13:55:51] [EMAIL PROTECTED] Will be fixed post 5.2.6 ------------------------------------------------------------------------ [2008-04-06 08:40:52] wharmby at uk dot ibm dot com Description: ------------ Calling escapeshellcmd() with more than 1 argument does not result in expected warning msg; any spurious arguments are just ignored. Suggest changing code to: PHP_FUNCTION(escapeshellcmd) { zval **arg1; char *cmd = NULL; if (ZEND_NUM_ARGS()!=1 || zend_get_parameters_ex(1, &arg1) == FAILURE) { WRONG_PARAM_COUNT; } convert_to_string_ex(arg1); if (Z_STRLEN_PP(arg1)) { cmd = php_escape_shell_cmd(Z_STRVAL_PP(arg1)); RETVAL_STRING(cmd, 1); efree(cmd); } } or better still the following based on the code now in PHP 6 : PHP_FUNCTION(escapeshellcmd) { char *command int command_len; char *cmd = NULL; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &command, &command_len) == FAILURE) { return; } if (command_len) { cmd = php_escape_shell_cmd(command); RETVAL_STRING(cmd, 0); } else { RETVAL_EMPTY_STRING(); } } Reproduce code: --------------- <?php $command= "Mr O'Neil"; $extra_arg = 10; var_dump( escapeshellcmd($command, $extra_arg) ); ?> Expected result: ---------------- A warning msg. With suggested fix the following output will result: Warning: escapeshellcmd() expects exactly 1 parameter, 2 given in <...> on line nn NULL Actual result: -------------- Actual Output: ------------------- string(9) "Mr O Neil" ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=44650&edit=1
