php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #18291 exec() arguments (+suggested solution)
Submitted: 2002-07-11 22:44 UTC Modified: 2003-08-05 15:17 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: php dot hc at saustrup dot net Assigned:
Status: Closed Package: Program Execution
PHP Version: 4.3.3RC2-dev OS: RedHat Linux 7.3
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: php dot hc at saustrup dot net
New email:
PHP Version: OS:

 

 [2002-07-11 22:44 UTC] php dot hc at saustrup dot net 
This kept me up all night :-) I needed to pass a textstring to an external program, and did something like this in PHP:

exec('/usr/bin/binary 1 2 3 "a b c" 4 5 6');

It kept screwing up, and after debugging it I realized that the exec() function actually called /usr/bin/binary with 9 arguments, and not 7 as I thought it would. Apparently PHP's exec() just splits up the string where it finds whitespaces and thinks they're different arguments. I'm not sure about the proper solution, but it would be awesome with a more "strict" exec()-like function that could work something like this:

newexec('/usr/bin/binary',array('1','2','3','a b c','4','5','6'));

That way, there would be NO doubt about the arguments :-)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-07-12 18:51 UTC] sniper@php.net 
FYI: PHP uses popen(), not execve()..

In 4.2.1 there is pcntl_exec() which behaves similarly to
the system execve. Maybe that's what you want to use..?


Try these scripts:

shell_args_1arg.php:
<?php echo exec('./test.sh "213 123"'); ?>

shell_args_2arg.php:
<?php echo exec('./test.sh 213 123'); ?>

test.sh:
<----8<---->
#!/bin/sh

echo $1
<----8<---->
 [2002-07-19 20:09 UTC] php dot hc at saustrup dot net 
I tried what you suggested, and this is what came out:

Script 1: "213
Script 2: 213

I'm a security freak, so I have safe_mode enabled. Apparently safe_mode is infact the cause of this error, because when I disabled it in php.ini, the two scripts worked like you suggested:

Script 1: 213 123
Script 2: 213

Please test this yourself and post the results.
 [2002-07-19 20:56 UTC] sniper@php.net 
Seems like safe-mode does mess up the parameters.
I'm not sure if this is actually the correct behaviour...
 [2003-07-10 21:46 UTC] sniper@php.net 
Here you can find possible fix for this problem: http://www.netwake.de/bug18291.diff

(thanks to Thomas Lamy)
 [2003-08-05 15:17 UTC] iliaa@php.net 
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Mon Oct 27 15:00:01 2025 UTC