diff options
| -rw-r--r-- | ext/standard/basic_functions.c | 1 | ||||
| -rw-r--r-- | ext/standard/exec.c | 48 | ||||
| -rw-r--r-- | ext/standard/exec.h | 1 |
3 files changed, 49 insertions, 1 deletions
diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c index 4a0ae534e3..859f15a55c 100644 --- a/ext/standard/basic_functions.c +++ b/ext/standard/basic_functions.c @@ -212,6 +212,7 @@ function_entry basic_functions[] = { PHP_FE(exec, second_and_third_args_force_ref) PHP_FE(system, second_arg_force_ref) PHP_FE(escapeshellcmd, NULL) + PHP_FE(escapeshellarg, NULL) PHP_FE(passthru, second_arg_force_ref) PHP_FE(shell_exec, NULL) diff --git a/ext/standard/exec.c b/ext/standard/exec.c index 9884f68656..088f856d18 100644 --- a/ext/standard/exec.c +++ b/ext/standard/exec.c @@ -314,7 +314,7 @@ char * php_escape_shell_cmd(char *str) { cmd = emalloc(2 * l + 1); strcpy(cmd, str); for (x = 0; cmd[x]; x++) { - if (php_get_index("&;`'\"|*?~<>^()[]{}$\\\x0A\xFF", cmd[x]) != -1) { + if (php_get_index("#&;`'\"|*?~<>^()[]{}$\\\x0A\xFF", cmd[x]) != -1) { for (y = l + 1; y > x; y--) cmd[y] = cmd[y - 1]; l++; /* length has been increased */ @@ -325,6 +325,32 @@ char * php_escape_shell_cmd(char *str) { return cmd; } +char * php_escape_shell_arg(char *str) { + register int x, y, l; + char *cmd; + + l = strlen(str); + cmd = emalloc(4 * l + 3); + cmd[0] = '\''; + strcpy(cmd+1, str); + l++; + + for (x = 1; cmd[x]; x++) { + if (cmd[x] == '\'') { + for (y = l + 3; y > x+1; y--) { + cmd[y] = cmd[y - 3]; + } + cmd[++x] = '\\'; + cmd[++x] = '\''; + cmd[++x] = '\''; + l+=3; /* length was increased by 3 */ + } + } + cmd[l++] = '\''; + cmd[l] = '\0'; + return cmd; +} + /* {{{ proto string escapeshellcmd(string command) Escape shell metacharacters */ PHP_FUNCTION(escapeshellcmd) @@ -345,6 +371,26 @@ PHP_FUNCTION(escapeshellcmd) } /* }}} */ +/* {{{ proto string escapeshellarg(string arg) + Quote and escape an argument for use in a shell command */ +PHP_FUNCTION(escapeshellarg) +{ + pval **arg1; + char *cmd = NULL; + + if (zend_get_parameters_ex(1, &arg1) == FAILURE) { + WRONG_PARAM_COUNT; + } + + convert_to_string_ex(arg1); + if ((*arg1)->value.str.len) { + cmd = php_escape_shell_arg((*arg1)->value.str.val); + RETVAL_STRING(cmd, 1); + efree(cmd); + } +} +/* }}} */ + /* {{{ proto string shell_exec(string cmd) Use pclose() for FILE* that has been opened via popen() */ PHP_FUNCTION(shell_exec) diff --git a/ext/standard/exec.h b/ext/standard/exec.h index d96a4d81ce..dff1df8100 100644 --- a/ext/standard/exec.h +++ b/ext/standard/exec.h @@ -24,6 +24,7 @@ PHP_FUNCTION(system); PHP_FUNCTION(exec); PHP_FUNCTION(escapeshellcmd); +PHP_FUNCTION(escapeshellarg); PHP_FUNCTION(passthru); PHP_FUNCTION(shell_exec); |