PHP :: Bug #28811 :: In safemode, exec/system doesn't find commands between ticks

Bug #28811	In safemode, exec/system doesn't find commands between ticks
Submitted:	2004-06-17 01:39 UTC	Modified:	2004-06-17 02:01 UTC
From:	egoh at flexwebhosting dot nl	Assigned:
Status:	Not a bug	Package:	*General Issues
PHP Version:	4.3.7	OS:	Fedora Core 1
Private report:	No	CVE-ID:	None

View Developer Edit

[2004-06-17 01:39 UTC] egoh at flexwebhosting dot nl

Description:
------------
When running in safemode, you can't call a command like:
'/usr/bin/convert' .
When safemode is off this does work.

It is causing some common scripts to fail, cause they use the hooks to allow people to use spaces or other special signs in the path.


Reproduce code:
---------------
<?
$command="'/usr/bin/convert'";
exec($command,$results,$status);
print_r($results);
echo $status;
?>


Expected result:
----------------
The convert command to be executed.

Actual result:
--------------
Exec returns 127 file not found status.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-06-17 01:48 UTC] iliaa@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

When safe_mode is enabled both `` and shell_exec() are 
disabled.

[2004-06-17 02:01 UTC] egoh at flexwebhosting dot nl

I'm not talking about back-ticks or shell_exec, please look a little closer.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2026 The PHP Group All rights reserved.	Last updated: Fri Feb 13 14:00:01 2026 UTC