php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Sec Bug #69768 escapeshell*() doesn't cater to !
Submitted: 2015-06-07 18:01 UTC Modified: 2015-07-10 14:45 UTC
From: cmb@php.net Assigned: cmb (profile)
Status: Closed Package: Program Execution
PHP Version: 5.6.9 OS: Windows
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: cmb@php.net
New email:
PHP Version: OS:

 

 [2015-06-07 18:01 UTC] cmb@php.net 
Description:
------------
When delayed variable substitution is enabled (can be set in the
Registry, for instance), !ENV! works similar to %ENV%, and the
value of the environment variable ENV will be subsituted.

Neither escapeshellcmd() nor escapeshellarg() handle ! as a
special character, so this can cause security issues.

I suggest to treat ! the same as %, i.e. escape it with ^ in
escapeshellcmd() and replace it with a space in escapeshellarg(),
like it's done in the attached patch.

Patches

escapeshell-exclamation-mark (last revision 2015-06-07 18:02 UTC by cmb@php.net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-06-07 18:02 UTC] cmb@php.net 
The following patch has been added/updated:

Patch Name: escapeshell-exclamation-mark
Revision:   1433700149
URL:        https://bugs.php.net/patch-display.php?bug=69768&patch=escapeshell-exclamation-mark&revision=1433700149
 [2015-06-22 10:43 UTC] kalle@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: cmb
 [2015-06-22 10:43 UTC] kalle@php.net 
Seems fine to me, go ahead and commit it, should probably go all the way down to 5.4
 [2015-06-23 23:47 UTC] cmb@php.net
-Status: Assigned +Status: Closed
 [2015-06-23 23:47 UTC] cmb@php.net 
Merged into 5.4, 5.5, 5.6 and master.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 12:01:29 2024 UTC