|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[1998-04-22 10:29 UTC] rasmus
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Wed Oct 29 22:00:02 2025 UTC |
If safe mode, the popen command search the '/' character to detect the presence of a path in the command to exec. This is OK, but has a problem; if you execute a command with parameters, for example: $fp=popen("ls dir/dir2","r") it will fail because it will replace "ls dir" by the path to the secure dir, trying to execute "dir2" from this. I wrote a path to correct this problem; this patch must be applied to file functions/file.c (where php3_popen function lives) The patch: --------------------- CUT HERE ------------------------- 309c309,316 < b = strrchr(arg1->value.str.val,'/'); --- > b = strchr(arg1->value.str.val,' '); > if(!b) { > b = strrchr(arg1->value.str.val,'/'); > } else { > c = arg1->value.str.val; > while((*b!='/')&&(b!=c)) b--; > if(b==c) b=NULL; > } --------------------- CUT HERE -------------------------