php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #31088 exec fails for command that works ate the command line
Submitted: 2004-12-14 14:32 UTC Modified: 2005-02-14 17:44 UTC
From: vdlaag at natlab dot research dot philips dot com Assigned:
Status: Not a bug Package: Program Execution
PHP Version: 5.0.2 OS: RedHat 9.0
Private report: No CVE-ID: None
View Developer Edit
 [2004-12-14 14:32 UTC] vdlaag at natlab dot research dot philips dot com 
Description:
------------
I have a command line tool that adds records to a database. This is the only way for me to access this database. 

The command line tool works as follows:
  createRequest -p -i "value1" -l "value2" etc
Each option is followed by the value for the record.
The -p option is there so that the ID of the new inserted record is returned to standard output.

At the command line this works fine. But as soon as a value contains a & the exec function fails. When a value contains parentheses, they are escaped (so that the escape characters are inserted in the database as well).

The configure script for php:
'./configure' '--prefix=/usr/local/php5' '--enable-safe-mode' '--with-apxs2=/usr/local/httpd/bin/apxs' '--with-gd' '--with-mssql=/usr/local/freetds' '--with-pgsql=/usr/local/pgsql' '--with-mysql=/usr/local/mysql' '--with-ldap=/usr/local/openldap' '--with-png-dir=/usr/local/libpng' '--with-zlib-dir=/usr/local/zlib' '--with-jpeg-dir=/usr/local/jpeg' '--with-freetype-dir=/usr/local/freetype/include/freetype2/freetype' '--with-curl=/usr/local/curl' '--with-mime-magic=/usr/share/magic.mime' '--with-xslt-sablot=/usr/local/Sablot' '--with-expat-dir=/usr/local/expat' '--with-libxml-dir=/usr/local/libxml' '--with-pear' 

I added the folder that holds the cretaeRequest tool to safe_mode_exec_dir in php.ini

Reproduce code:
---------------
//These options go OK
$Options['-i'] = "Add user to group X";
$Options['-l'] = "vdlaag";

//This option makes the exec command fail
$Options['-O] = "IP&S";

//This option results in extra slashes 
// it yields: Great stuff \(is it not\)
$Options['-a'] = "Great stuff (is it not)"

$Exec = $_SERVER['DOCUMENT_ROOT'] . 
"/vdlaag/NewUserForm/IPS/createRequest -p";
foreach ($Options as $option => $value)
{
    $Exec .= " " . $option . " '" . $value . "'";
}
$HDTCase = exec($Exec);     



Expected result:
----------------
I expect to get a number back from the exec command. This happens OK if there are no "weird" charachters in any of the values (like &). 

Actual result:
--------------
It returns nothing and the rest of my script fails as a result.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-02-11 23:03 UTC] tony2001@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
an URL to it here. Try to avoid embedding huge scripts into the report.

Please provide a reproduce code that we could run & replicate the problem.
 [2005-02-14 14:52 UTC] vdlaag at natlab dot research dot philips dot com 
I am afraid this was a bogus bug report. As Safe mode isa enabled, every shell command is escaped. I found this later on in the documentation. Although I find this a bit peculiar, it works as designed. My problem occurs because the command is escaped. 

I already solved by creating another shell script, that executes the createRequest call. I call exec on this other shell script. Then it works fine. 

I am sorry to have troubled you with this. It turned out to be my own error and not a bug in PHP.
 [2005-02-14 17:44 UTC] tony2001@php.net 
Bogusified on user request.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Oct 25 15:00:01 2025 UTC