|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2005-02-11 23:03 UTC] tony2001@php.net
[2005-02-14 14:52 UTC] vdlaag at natlab dot research dot philips dot com
[2005-02-14 17:44 UTC] tony2001@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Sat Apr 20 09:01:28 2024 UTC |
Description: ------------ I have a command line tool that adds records to a database. This is the only way for me to access this database. The command line tool works as follows: createRequest -p -i "value1" -l "value2" etc Each option is followed by the value for the record. The -p option is there so that the ID of the new inserted record is returned to standard output. At the command line this works fine. But as soon as a value contains a & the exec function fails. When a value contains parentheses, they are escaped (so that the escape characters are inserted in the database as well). The configure script for php: './configure' '--prefix=/usr/local/php5' '--enable-safe-mode' '--with-apxs2=/usr/local/httpd/bin/apxs' '--with-gd' '--with-mssql=/usr/local/freetds' '--with-pgsql=/usr/local/pgsql' '--with-mysql=/usr/local/mysql' '--with-ldap=/usr/local/openldap' '--with-png-dir=/usr/local/libpng' '--with-zlib-dir=/usr/local/zlib' '--with-jpeg-dir=/usr/local/jpeg' '--with-freetype-dir=/usr/local/freetype/include/freetype2/freetype' '--with-curl=/usr/local/curl' '--with-mime-magic=/usr/share/magic.mime' '--with-xslt-sablot=/usr/local/Sablot' '--with-expat-dir=/usr/local/expat' '--with-libxml-dir=/usr/local/libxml' '--with-pear' I added the folder that holds the cretaeRequest tool to safe_mode_exec_dir in php.ini Reproduce code: --------------- //These options go OK $Options['-i'] = "Add user to group X"; $Options['-l'] = "vdlaag"; //This option makes the exec command fail $Options['-O] = "IP&S"; //This option results in extra slashes // it yields: Great stuff \(is it not\) $Options['-a'] = "Great stuff (is it not)" $Exec = $_SERVER['DOCUMENT_ROOT'] . "/vdlaag/NewUserForm/IPS/createRequest -p"; foreach ($Options as $option => $value) { $Exec .= " " . $option . " '" . $value . "'"; } $HDTCase = exec($Exec); Expected result: ---------------- I expect to get a number back from the exec command. This happens OK if there are no "weird" charachters in any of the values (like &). Actual result: -------------- It returns nothing and the rest of my script fails as a result.