php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #49446 escapeshellarg dosn`t work on windows
Submitted: 2009-09-02 23:10 UTC Modified: 2016-06-21 16:34 UTC
Votes:5
Avg. Score:4.4 ± 0.8
Reproduced:4 of 4 (100.0%)
Same Version:2 (50.0%)
Same OS:2 (50.0%)
From: heromantor at users dot sourceforge dot net Assigned: pajoye
Status: Assigned Package: CGI/CLI related
PHP Version: 5.2.10 OS: windows xp sp2
Private report: No CVE-ID:
Have you experienced this issue?
Rate the importance of this bug to you:

 [2009-09-02 23:10 UTC] heromantor at users dot sourceforge dot net
Description:
------------
escapeshellarg function dosn`t work properly on windows platform. Problem in " \ and % chars handling.

this patch fix this problem
--- exec.c  Wed Sep  2 22:41:27 2009
+++ exec_fixed.c    Wed Sep  2 22:40:50 2009
@@ -352,6 +352,11 @@
    cmd = safe_emalloc(4, l, 3); /* worst case */
 
 #ifdef PHP_WIN32
+#   define PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES() \
+        for(j = y - 1; j > 0 && cmd[j] == '\\'; --j) { \
+            cmd[y++] = '\\'; \
+        }
+
    cmd[y++] = '"';
 #else
    cmd[y++] = '\'';
@@ -372,10 +377,16 @@
 
        switch (str[x]) {
 #ifdef PHP_WIN32
-       case '"':
-       case '%':
-           cmd[y++] = ' ';
-           break;
+        case '%':
+            PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES()
+            cmd[y++] = '"';
+            cmd[y++] = '%';
+            cmd[y++] = '"';
+            break;
+        case '"':
+            PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES()
+            cmd[y++] = '"';
+            /* fall-through */
 #else
        case '\'':
            cmd[y++] = '\'';
@@ -388,6 +399,9 @@
        }
    }
 #ifdef PHP_WIN32
+    PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES()
+#   undef PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES
+
    cmd[y++] = '"';
 #else
    cmd[y++] = '\'';

and some test cases
P A T H => "P A T H"
%PATH% => ""%"PATH"%""
a%PATH%b => "a"%"PATH"%"b"
%%PATH%% => ""%""%"PATH"%""%""
"PATH" => """PATH"""
"%PATH%" => """"%"PATH"%""""
\P\A\T\H => "\P\A\T\H"
\P\A\T\H\ => "\P\A\T\H\\"
\%\%\ => "\\"%"\\"%"\\"
a\\%b\\c%\\ => "a\\\\"%"b\\c"%"\\\\"
"a\" => """a\\"""
a\" => "a\\"""
a\"^|^&^(^) => "a\\""^|^&^(^)"
PATH\%\ => "PATH\\"%"\\"


Reproduce code:
---------------
<?php
print_r(escapeshellarg("%PATH%") . PHP_EOL);
print_r(escapeshellarg("c:\\temp\\") . PHP_EOL);
print_r(escapeshellarg('\\"') . PHP_EOL);


Expected result:
----------------
""%"PATH"%""
"c:\temp\\"
"\\"""


Actual result:
--------------
" PATH "
"c:\temp\"
"\ "


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-09-02 23:51 UTC] heromantor at users dot sourceforge dot net
oh sorry, i post invalid patch.

this ok:
--- exec.c  Wed Sep  2 23:44:19 2009
+++ exec_fixed.c    Wed Sep  2 23:44:41 2009
@@ -343,7 +343,7 @@
  */
 PHPAPI char *php_escape_shell_arg(char *str)
 {
-    int x, y = 0, l = strlen(str);
+    int x, y = 0, j, l = strlen(str);
     char *cmd;
     size_t estimate = (4 * l) + 3;
 
@@ -352,6 +352,11 @@
     cmd = safe_emalloc(4, l, 3); /* worst case */
 
 #ifdef PHP_WIN32
+#   define PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES() \
+        for(j = y - 1; j > 0 && cmd[j] == '\\'; --j) { \
+            cmd[y++] = '\\'; \
+        }
+
     cmd[y++] = '"';
 #else
     cmd[y++] = '\'';
@@ -372,10 +377,16 @@
 
         switch (str[x]) {
 #ifdef PHP_WIN32
-        case '"':
-        case '%':
-            cmd[y++] = ' ';
-            break;
+        case '%':
+            PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES()
+            cmd[y++] = '"';
+            cmd[y++] = '%';
+            cmd[y++] = '"';
+            break;
+        case '"':
+            PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES()
+            cmd[y++] = '"';
+            /* fall-through */
 #else
         case '\'':
             cmd[y++] = '\'';
@@ -388,6 +399,9 @@
         }
     }
 #ifdef PHP_WIN32
+    PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES()
+#   undef PHP_ESCAPE_SHELL_ARG_PROCESS_TRAILING_SLASHES
+
     cmd[y++] = '"';
 #else
     cmd[y++] = '\'';
 [2009-09-03 04:16 UTC] scottmac@php.net
This was fixed in 5.3 with bug #43261

Though \\ within double quotes is considered a single \
 [2009-09-11 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2011-03-03 10:54 UTC] pajoye@php.net
-Status: Closed +Status: Assigned -Assigned To: +Assigned To: pajoye
 [2011-03-03 10:54 UTC] pajoye@php.net
Something is wrong with this patch, and we should try to use ^ in trunk.
 [2016-06-21 16:34 UTC] cmb@php.net
FWIW, I've just tested with PHP 7.0.7:

    <?php
    var_dump(escapeshellarg("%PATH%"));
    var_dump(escapeshellarg("c:\\temp\\"));
    var_dump(escapeshellarg('\\"'));
    ?>

Result:

    string(8) "" PATH ""
    string(11) ""c:\temp\\""
    string(4) ""\ ""

With regard to the documentation (3) is correct, but (1) and (2)
would be wrong:

| On Windows, escapeshellarg() instead removes percent signs,
| replaces double quotes with spaces and adds double quotes around
| the string.

The documentation also doesn't yet mention that exclamation marks
are replaced by spaces.

I'll fix the doc bugs right away.

Anyhow, I'd like to see:

    string(10) ""^%PATH^%""
    string(10) ""c:\temp\""
    string(3) "\"""
 [2016-06-21 17:00 UTC] cmb@php.net
Automatic comment from SVN on behalf of cmb
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=339439
Log: Fix Windows related documentation (see #49446)
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC