|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #11767 Bad escape sequence
Submitted: 2001-06-28 02:27 UTC Modified: 2002-06-02 14:01 UTC
Avg. Score:4.7 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (50.0%)
From: veins at kheos dot net Assigned:
Status: Not a bug Package: Program Execution
PHP Version: 4.0.6 OS: Unix
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: veins at kheos dot net
New email:
PHP Version: OS:


 [2001-06-28 02:27 UTC] veins at kheos dot net
When safe_mode is set to On, it is impossible to pass a variable that contains a string with a space in it as an argument to any system() like function. The following script shows the problem:

   $somevar = "this is a test";
   exec(" $somevar", $return);
   echo $return[0];
?> being a simple shell script that echoes back anything that we feed it. The following PHP script will display 'this' instead of 'this is a test'. I tried backslashing every chars of the variable by writing a simple function but spaces seems not to be correctly passed to the shell script. The same script executed when safe_mode is set to off works perfectly...

Veins - Veins@Kheos.Net


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-06-29 05:28 UTC] veins at kheos dot net
I had some time this morning to check for the infamous bug and while watching standart/exec.c I found out that the index of chars that should be backslashed didn't include \x20. File was modified in consequence and after a recompilation i was surprised to see that it didn't work :/
If anyone plans to correct this, do not add \x20 to the index of chars cause it would also backslash spaces between the binary name and the vars. The same example as previous post would _try_ to execute `\ this\ ?s\ a\ test` as a single command  :(

I would like to point to the fact that this bug affects many, many, many people using a system based authentication as it prevents users from log into whatever they want to log into correctly. It prevents also the use of any kind of system() function when a space is needed anywhere in the call.
 [2002-06-02 14:01 UTC]
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at and the instructions on how to report
a bug at

PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Tue Nov 24 21:01:23 2020 UTC