PHP :: Bug #45981 :: function escapeshellarg excessively quotes single quotes

Bug #45981	function escapeshellarg excessively quotes single quotes
Submitted:	2008-09-03 13:05 UTC	Modified:	2008-09-03 13:39 UTC
From:	jeroen at asystance dot nl	Assigned:
Status:	Not a bug	Package:	Unknown/Other Function
PHP Version:	5.2CVS-2008-09-03 (snap)	OS:	debian linux
Private report:	No	CVE-ID:	None

View Developer Edit

[2008-09-03 13:05 UTC] jeroen at asystance dot nl

Description:
------------
escapeshellarg inserts single quotes (') before and after an escaped single quote

I observed the bug in 5.2.6-3 and the php5.3-200809031030 CVS snapshot

Reproduce code:
---------------
<?php
echo escapeshellarg("single ' quote") . "\n";
echo escapeshellarg('single \' quote') . "\n";
?>

Expected result:
----------------
'single \' quote'
'single \' quote'

Actual result:
--------------
'single '\'' quote'
'single '\'' quote'

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-09-03 13:39 UTC] pajoye@php.net

How is it supposed to know that the string argument is already escaped?

What is done in your example is not different than:

print_r(escapeshellarg(escapeshellarg("single ' quote")));

Not a bug.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Jul 17 13:01:33 2025 UTC