Request #32701 Safe-mode popen(): escaping problem
Submitted: 2005-04-14 09:22 UTC Modified: 2013-03-02 18:38 UTC
From: kosmo at miechow dot com Assigned: reeze (profile)
Status: Closed Package: *General Issues
PHP Version: 5.0.4 OS: Linux
Private report: No CVE-ID: None
 [2005-04-14 09:22 UTC] kosmo at miechow dot com
Description:
------------
In safe-mode popen() is escaping the command line by calling php_escape_shell_cmd(). This function is escaping the command line
and changing valid command arguments. IMHO there should be a way to disable this escaping and run in safe-mode.

Reproduce code:
---------------
<?php
$r = popen("echo '-=< Test >=-'", "r");
print(stream_get_contents($r));
pclose($r);
?>


Expected result:
----------------
-=< Test >=-

Actual result:
--------------
-=\< Test \>=-

 [2005-04-14 09:51 UTC] sniper@php.net
This is how it works. No bug here.

 [2005-11-09 12:09 UTC] vrana@php.net
It works badly. There's no way to echo '-=< Test >=-' in safe_mode. No characters inside single quotes should be escaped by php_escape_shell_cmd() as they have no special meaning.

I can prepare a patch for it if it will be accepted.
 [2005-11-09 12:57 UTC] sniper@php.net
It's still not a bug but a change request. Reclassified.

You can provide a patch if you wish. The fact is that we're going to remove the whole "safe-mode" anyway, so you're basically wasting your time. This is not the only thing that goes wrong with it.


 [2005-11-13 02:31 UTC] 5Wupdd51ogZj7Lm8B at anime dot net
Is there any link to more detailed info about safe_mode going away, and how php is handling security in the next release?
 [2013-03-02 18:38 UTC] reeze@php.net
Safe mode was gone.
 [2013-03-02 18:38 UTC] reeze@php.net
-Status: Open +Status: Closed -Package: Feature/Change Request +Package: *General Issues -Assigned To: +Assigned To: reeze
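
The behaviour discussed in this report, as an added example that is not part of the original thread or of PHP's source: escapeshellcmd() goes through the same php_escape_shell_cmd() routine, so it shows the same mangling on any PHP version, while quoting each argument separately with escapeshellarg() keeps the text intact. The helper names run() and buildCommand() and the sample strings are constructed for illustration.

```php
<?php
// Added example: whole-command escaping versus per-argument quoting.

/** Run a command line through the shell and return its output without the trailing newline. */
function run(string $commandLine): string
{
    $pipe = popen($commandLine, 'r');
    if ($pipe === false) {
        throw new RuntimeException('popen() failed');
    }
    $out = stream_get_contents($pipe);
    pclose($pipe);
    return rtrim((string) $out, "\n");
}

/**
 * Build "program 'arg1' 'arg2' ..." with every argument quoted on its own.
 * $program must be a fixed value chosen by the developer, never user input.
 */
function buildCommand(string $program, array $args): string
{
    return $program . ' ' . implode(' ', array_map('escapeshellarg', $args));
}

// 1. The command from the report, escaped as one string. The backslashes
//    are inserted inside the single quotes, where the shell treats them as
//    literal characters, so they end up in the program's output.
$whole = escapeshellcmd("echo '-=< Test >=-'");
printf("whole-command escaping : %s\n", $whole);
printf("  output               : %s\n", run($whole));

// 2. The same text passed as one separately quoted argument.
$perArg = buildCommand('echo', ['-=< Test >=-']);
printf("per-argument quoting   : %s\n", $perArg);
printf("  output               : %s\n", run($perArg));

// 3. Constructed input containing a quote and a command separator: with
//    per-argument quoting the shell sees a single literal argument.
$untrusted = "it's; echo SECOND-COMMAND";
$safe = buildCommand('echo', [$untrusted]);
printf("untrusted argument     : %s\n", $safe);
printf("  output               : %s\n", run($safe));

// The argument arrives unmodified in cases 2 and 3, but not in case 1.
var_dump(run($perArg) === '-=< Test >=-');
var_dump(run($safe) === $untrusted);
var_dump(run($whole) === '-=< Test >=-');
```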
 
Last updated: Wed Apr 24 12:01:29 2024 UTC