php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

Patch escapeshell-exclamation-mark for Program Execution Bug #69768

Patch version 2015-06-07 18:02 UTC

Return to Bug #69768 | Download this patch
Patch Revisions:

Developer: cmb@php.net

 ext/standard/exec.c                                                 | 6 +++++-
 .../tests/general_functions/escapeshellarg_basic-win32.phpt         | 2 ++
 ext/standard/tests/general_functions/escapeshellcmd-win32.phpt      | 5 ++++-
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index 71dfc7c..2438a80 100644
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -283,9 +283,12 @@ PHPAPI zend_string *php_escape_shell_cmd(char *str)
 				break;
 #else
 			/* % is Windows specific for environmental variables, ^%PATH% will
-				output PATH whil ^%PATH^% not. escapeshellcmd->val will escape all %.
+				output PATH while ^%PATH^% not. cmd->val will escape all %.
+				! triggers delayed substitution of Windows environment variables,
+				if this functionality is enabled. cmd->val will escape all !.
 			*/
 			case '%':
+			case '!':
 			case '"':
 			case '\'':
 #endif
@@ -369,6 +372,7 @@ PHPAPI zend_string *php_escape_shell_arg(char *str)
 #ifdef PHP_WIN32
 		case '"':
 		case '%':
+		case '!':
 			cmd->val[y++] = ' ';
 			break;
 #else
diff --git a/ext/standard/tests/general_functions/escapeshellarg_basic-win32.phpt b/ext/standard/tests/general_functions/escapeshellarg_basic-win32.phpt
index 8880056..d97c1a9 100644
--- a/ext/standard/tests/general_functions/escapeshellarg_basic-win32.phpt
+++ b/ext/standard/tests/general_functions/escapeshellarg_basic-win32.phpt
@@ -18,6 +18,7 @@ echo "Simple testcase for escapeshellarg() function\n";
 var_dump(escapeshellarg("Mr O'Neil"));
 var_dump(escapeshellarg("Mr O\'Neil"));
 var_dump(escapeshellarg("%FILENAME"));
+var_dump(escapeshellarg("!FILENAME"));
 var_dump(escapeshellarg(""));
 
 echo "Done\n";
@@ -27,5 +28,6 @@ Simple testcase for escapeshellarg() function
 string(11) ""Mr O'Neil""
 string(12) ""Mr O\'Neil""
 string(11) "" FILENAME""
+string(11) "" FILENAME""
 string(2) """"
 Done
\ No newline at end of file
diff --git a/ext/standard/tests/general_functions/escapeshellcmd-win32.phpt b/ext/standard/tests/general_functions/escapeshellcmd-win32.phpt
index 9fcb991..7d2a029 100644
--- a/ext/standard/tests/general_functions/escapeshellcmd-win32.phpt
+++ b/ext/standard/tests/general_functions/escapeshellcmd-win32.phpt
@@ -17,7 +17,8 @@ $data = array(
 	'%^',
 	'#&;`|*?',
 	'~<>\\',
-	'%NOENV%'
+	'%NOENV%',
+	'!NOENV!'
 );
 
 $count = 1;
@@ -46,4 +47,6 @@ string(14) "^#^&^;^`^|^*^?"
 string(8) "^~^<^>^\"
 -- Test 8 --
 string(9) "^%NOENV^%"
+-- Test 9 --
+string(9) "^!NOENV^!"
 Done
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC