Bug #28881 exec(), system(), passthru() incorrectly escape parentheses
Submitted: 2004-06-22 15:18 UTC Modified: 2004-06-24 02:39 UTC
From: uncle at fedor dot com Assigned:
Status: Not a bug Package: Filesystem function related
PHP Version: 4.3.7 OS: Linux SuSE 8.2
Private report: No CVE-ID: None
 [2004-06-22 15:18 UTC] uncle at fedor dot com
Description:
------------
exec() gives the following results when working with files containing spaces *and* parentheses/brackets on Linux:

If the filename to be passed by the exec() function is enclosed in quotes "..." (to handle the spaces) then the backslashes are added before the following symbols:
( ) [ ] { }
and possibly before some other ones I haven't discovered.



Reproduce code:
---------------
1. exec ("touch \"Testfile without parentheses.txt\"");

2. exec ("touch Now_without_spaces_(but_with_parentheses)");

3. exec ("touch \"Now both spaces (and parentheses)\"");





Expected result:
----------------
1. Creating file:
Testfile without parentheses.txt

2. Creating file:
Now_without_spaces_(but_with_parentheses)

3. Creating file:
Now both spaces (and parentheses)

Actual result:
--------------
1. Creating file:
Testfile without parentheses.txt

2. Creating file:
Now_without_spaces_(but_with_parentheses)

3. Creating file:
Now both spaces \(and parentheses\)

 [2004-06-22 16:14 UTC] iliaa@php.net
Unless you have safe_mode enabled, exec functions do not
perform any automatic escaping. With PHP 4.3.7 without
safe_mode exec ("touch \"Now both spaces (and parentheses)\"");
works as expected.
 [2004-06-22 19:21 UTC] uncle at fedor dot com
Thank you for such a speedy reply!

The thing is I *do* have safe mode enabled. And the functions behave as described above.

Is there any workaround for the safe mode?
 [2004-06-24 02:39 UTC] iliaa@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

When safe_mode is enabled certain escaping routines are 
performed on all execute commands and arguments. There is 
no way to prevent this other than to disable safe_mode.
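
Why case 3 in the report ends up with backslashes in the filename while case 2 does not, shown as an added example that is not part of the original report or of PHP's code. `escape_like_safe_mode` is a constructed stand-in that backslash-escapes only the characters the report lists (the PHP manual documents the real safe_mode step as `escapeshellcmd()`), and `created_name` and `show` are hypothetical helpers that run the result through `sh` in a scratch directory.

```shell
#!/bin/sh
# Constructed stand-in for the safe_mode escaping described in the report:
# puts a backslash before each of ( ) [ ] { }. This is not PHP's own routine
# and covers only the characters the report lists.
escape_like_safe_mode() {
    printf '%s' "$1" | sed 's/[][(){}]/\\&/g'
}

# Run a command line through sh inside an empty scratch directory and print
# the name of the file it created there.
created_name() {
    scratch=$(mktemp -d) || return 1
    ( cd "$scratch" && sh -c "$1" ) || { rm -rf "$scratch"; return 1; }
    ls "$scratch"
    rm -rf "$scratch"
}

# Show the original command, the escaped command, and the resulting filename.
show() {
    escaped=$(escape_like_safe_mode "$1")
    printf 'command : %s\nescaped : %s\ncreated : %s\n\n' \
        "$1" "$escaped" "$(created_name "$escaped")"
}

# The three commands from the report's reproduce code.
show 'touch "Testfile without parentheses.txt"'
# Unquoted: the shell consumes each added backslash, so the name is clean.
show 'touch Now_without_spaces_(but_with_parentheses)'
# Double-quoted: sh keeps a backslash that precedes "(" or ")" literally,
# so the added backslashes become part of the filename.
show 'touch "Now both spaces (and parentheses)"'
```

Inside double quotes a POSIX shell treats a backslash as an escape only before `$`, `` ` ``, `"`, `\` and newline, which is why the escaping is harmless in case 2 and visible in case 3.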
 
Last updated: Thu Jul 03 13:01:33 2025 UTC