PHP :: Bug #40830 :: escapeshellarg() doesn't escape correctly

Bug #40830	escapeshellarg() doesn't escape correctly
Submitted:	2007-03-15 20:33 UTC	Modified:	2007-03-15 22:34 UTC
From:	xavier dot blanchet at free dot fr	Assigned:
Status:	Not a bug	Package:	CGI/CLI related
PHP Version:	5.2.1	OS:	Windows XP SP2
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	xavier dot blanchet at free dot fr
New email:
PHP Version:		OS:

New Comment:

[2007-03-15 20:33 UTC] xavier dot blanchet at free dot fr

Description:
------------
escapeshellarg() doesn't escape correctly double quotes (enclosing with simple quotes on Windows does not work anyway...)

Reproduce code:
---------------
conversion.php
--------------
<?php
// The goal is to pass geographic coordinates
echo escapeshellarg($argv[1]);
?>

shell
-----
$ php conversion.php 45?53'36"

Expected result:
----------------
"45?53'36\""

Actual result:
--------------
"45?53'36"

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2007-03-15 21:53 UTC] edink@php.net

Windows shell will not pass the trailing " to php. Try dumping $argv[1] to see it yourself :)

[2007-03-15 22:34 UTC] xavier dot blanchet at free dot fr

Mmm... yes, indeed :) is that the "normal" behaviour ?
Dumping and playing with the argument however, I noticed a triple " at the end will do. 

Example
-------
45?53'36"""

Do you know more about that ?

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Jul 12 10:01:33 2025 UTC