php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #34945 exec(): Problem with quotes in commandline
Submitted: 2005-10-21 12:54 UTC Modified: 2016-12-30 23:15 UTC
Votes:5
Avg. Score:4.0 ± 1.3
Reproduced:5 of 5 (100.0%)
Same Version:1 (20.0%)
Same OS:4 (80.0%)
From: mplomer at gmx dot de Assigned:
Status: Open Package: Program Execution
PHP Version: 5CVS-2005-10-21 (snap) OS: WinXP
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2005-10-21 12:54 UTC] mplomer at gmx dot de
Description:
------------
If i have a complicated commandline with quotes and spaces in it, and pass it to exec(), system(), ..., then i get under Windows "path or filename not found" despite the filenames are correct.

The Problem is the following:
PHP starts a command over the command-interpreter by prefixing the commandline with "cmd.exe /c ".

Test in DOS-Box:
If I enter the command in a "DOS-Box", the result is ok, but if I prefix it with "cmd.exe /c ", then i get the same failure as in PHP.

If you read the "manpage" ("cmd.exe /?"), there is a hint, that "cmd.exe /c" has problems with quotes. And IMHO there is no way to escape theese quotes.

My solutions are:
- Someone finds a way to escape quotes for cmd.exe
- A new Parameter for system()/exec()/...
- ... or better: A php.ini-setting, ... which controls, if the command is executed over the shell, or executed directly.


Reproduce code:
---------------
system('"D:\Program Files\fop\fop.bat" "path with blanks/to/bla.fo" "output path/bla.pdf"');

Expected result:
----------------
Successful execution.

Actual result:
--------------
cmd.exe says: "path/file not found"

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-10-21 12:58 UTC] tony2001@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.


 [2005-10-21 14:18 UTC] mplomer at gmx dot de
Sure, it's not directly a Bug in PHP, but it's a feature-request to workaround a bug/feature of cmd.exe:

We need a possibility to bypass the command-interpreter for execution of commands, since cmd.exe can't execute it complete correctly.
Or someone finds a solution to escape quotes correctly. I will check this out over the weekend ;-)
 [2005-10-21 14:58 UTC] cspeer at gmx dot de
I have the same problem. I have also no solution to execute commands with many quotes.
 [2005-10-27 19:38 UTC] mplomer at gmx dot de
cmd.exe /C accepts only two quotes in a commandline. If there are more, then the first and the last quote is removed.
This makes it impossible to pass commandlines like:
"C:/Program Files/bla/bla.exe" "c:/my files/bla.txt"

So it is IMHO the best way, if we create an option to bypass the command-interpreter.
 [2010-02-03 20:21 UTC] mplomer at gmx dot de
Since PHP 5.2.1 the proc_open() function has a new parameter "bypass_shell", which is the needed feature.

It would be nice to have the same solution for all other shell related functions (exec,shell_exec,system,...). For example via a php.ini option.
 [2016-12-30 23:15 UTC] cmb@php.net
-Package: Feature/Change Request +Package: Program Execution
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sat Dec 07 03:01:24 2019 UTC