diff options
| author | Christoph M. Becker <cmb@php.net> | 2015-06-24 00:15:55 +0200 |
|---|---|---|
| committer | Christoph M. Becker <cmb@php.net> | 2015-06-24 00:15:55 +0200 |
| commit | a621781fdb733167f37027f02bf612696f892d07 (patch) | |
| tree | 166f5ffd42996c401394b6763a12798ea9f64c54 | |
| parent | fdb580a5ade8dc1c2c728a3787a583d7fc05bfe8 (diff) | |
| download | php-git-a621781fdb733167f37027f02bf612696f892d07.tar.gz | |
Fixed bug #69768 (escapeshell*() doesn't cater to !)
When delayed variable substitution is enabled (can be set in the
Registry, for instance), !ENV! works similar to %ENV%, and so ! should
be escaped like %.
| -rw-r--r-- | ext/standard/exec.c | 4 | ||||
| -rw-r--r-- | ext/standard/tests/general_functions/escapeshellarg_basic-win32.phpt | 2 | ||||
| -rw-r--r-- | ext/standard/tests/general_functions/escapeshellcmd-win32.phpt | 5 |
3 files changed, 9 insertions, 2 deletions
diff --git a/ext/standard/exec.c b/ext/standard/exec.c index d0b1e01e16..aa487351ca 100644 --- a/ext/standard/exec.c +++ b/ext/standard/exec.c @@ -281,9 +281,10 @@ PHPAPI char *php_escape_shell_cmd(char *str) break; #else /* % is Windows specific for enviromental variables, ^%PATH% will - output PATH whil ^%PATH^% not. escapeshellcmd will escape all %. + output PATH while ^%PATH^% will not. escapeshellcmd will escape all % and !. */ case '%': + case '!': case '"': case '\'': #endif @@ -366,6 +367,7 @@ PHPAPI char *php_escape_shell_arg(char *str) #ifdef PHP_WIN32 case '"': case '%': + case '!': cmd[y++] = ' '; break; #else diff --git a/ext/standard/tests/general_functions/escapeshellarg_basic-win32.phpt b/ext/standard/tests/general_functions/escapeshellarg_basic-win32.phpt index 888005633d..d97c1a956b 100644 --- a/ext/standard/tests/general_functions/escapeshellarg_basic-win32.phpt +++ b/ext/standard/tests/general_functions/escapeshellarg_basic-win32.phpt @@ -18,6 +18,7 @@ echo "Simple testcase for escapeshellarg() function\n"; var_dump(escapeshellarg("Mr O'Neil")); var_dump(escapeshellarg("Mr O\'Neil")); var_dump(escapeshellarg("%FILENAME")); +var_dump(escapeshellarg("!FILENAME")); var_dump(escapeshellarg("")); echo "Done\n"; @@ -27,5 +28,6 @@ Simple testcase for escapeshellarg() function string(11) ""Mr O'Neil"" string(12) ""Mr O\'Neil"" string(11) "" FILENAME"" +string(11) "" FILENAME"" string(2) """" Done
\ No newline at end of file diff --git a/ext/standard/tests/general_functions/escapeshellcmd-win32.phpt b/ext/standard/tests/general_functions/escapeshellcmd-win32.phpt index 9fcb99188c..7d2a029b47 100644 --- a/ext/standard/tests/general_functions/escapeshellcmd-win32.phpt +++ b/ext/standard/tests/general_functions/escapeshellcmd-win32.phpt @@ -17,7 +17,8 @@ $data = array( '%^', '#&;`|*?', '~<>\\', - '%NOENV%' + '%NOENV%', + '!NOENV!' ); $count = 1; @@ -46,4 +47,6 @@ string(14) "^#^&^;^`^|^*^?" string(8) "^~^<^>^\" -- Test 8 -- string(9) "^%NOENV^%" +-- Test 9 -- +string(9) "^!NOENV^!" Done |