authorSascha Schumann <sas@php.net>2001-07-22 21:32:55 +0000
committerSascha Schumann <sas@php.net>2001-07-22 21:32:55 +0000
commit8492ece5f6d5fd734684a810eb63105abe8c09d8 (patch)
tree5249c14119921eadb1eb91144a39c2074a73fc68 /ext
parentc60a6a5bd9c7b30de6f4e2236720220baff49d74 (diff)
downloadphp-git-8492ece5f6d5fd734684a810eb63105abe8c09d8.tar.gz
While researching a crash-bug in mail(), I found these two goldies.
Replace php_escape_shell_(arg|cmd) with straight-forward implementations.
Diffstat (limited to 'ext')
-rw-r--r--ext/standard/exec.c93
1 files changed, 52 insertions, 41 deletions
diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index 5dd828de26..3dd541d212 100644
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -327,20 +327,6 @@ PHP_FUNCTION(passthru)
}
/* }}} */
-/* {{{ php_get_index
- */
-static int php_get_index(char *s, char c)
-{
- register int x;
-
- for (x = 0; s[x]; x++)
- if (s[x] == c)
- return x;
-
- return -1;
-}
-/* }}} */
-
/* {{{ php_escape_shell_cmd
Escape all chars that could possibly be used to
break out of a shell command
@@ -350,51 +336,76 @@ static int php_get_index(char *s, char c)
*NOT* safe for binary strings
*/
-char * php_escape_shell_cmd(char *str) {
+char *php_escape_shell_cmd(char *str) {
register int x, y, l;
char *cmd;
l = strlen(str);
cmd = emalloc(2 * l + 1);
- strcpy(cmd, str);
- for (x = 0; cmd[x]; x++) {
- if (php_get_index("#&;`'\"|*?~<>^()[]{}$\\\x0A\xFF", cmd[x]) != -1) {
- for (y = l + 1; y > x; y--)
- cmd[y] = cmd[y - 1];
- l++; /* length has been increased */
- cmd[x] = '\\';
- x++; /* skip the character */
+
+ for (x = 0, y = 0; x < l; x++) {
+ switch (str[x]) {
+ case '#': /* This is character-set independent */
+ case '&':
+ case ';':
+ case '`':
+ case '\'':
+ case '"':
+ case '|':
+ case '*':
+ case '?':
+ case '~':
+ case '<':
+ case '>':
+ case '^':
+ case '(':
+ case ')':
+ case '[':
+ case ']':
+ case '{':
+ case '}':
+ case '$':
+ case '\\':
+ case '\x0A': /* excluding these two */
+ case '\xFF':
+ cmd[y++] = '\\';
+ /* fall-through */
+ default:
+ cmd[y++] = str[x];
+
}
}
+ cmd[y] = '\0';
return cmd;
}
/* }}} */
/* {{{ php_escape_shell_arg
*/
-char * php_escape_shell_arg(char *str) {
- register int x, y, l;
+char *php_escape_shell_arg(char *str) {
+ int x, y, l;
char *cmd;
+ y = 0;
l = strlen(str);
- cmd = emalloc(4 * l + 3);
- cmd[0] = '\'';
- strcpy(cmd+1, str);
- l++;
-
- for (x = 1; cmd[x]; x++) {
- if (cmd[x] == '\'') {
- for (y = l + 3; y > x+1; y--) {
- cmd[y] = cmd[y - 3];
- }
- cmd[++x] = '\\';
- cmd[++x] = '\'';
- cmd[++x] = '\'';
- l+=3; /* length was increased by 3 */
+
+ cmd = emalloc(4 * l + 3); /* worst case */
+
+ cmd[y++] = '\'';
+
+ for (x = 0; x < l; x++) {
+ switch (str[x]) {
+ case '\'':
+ cmd[y++] = '\'';
+ cmd[y++] = '\\';
+ cmd[y++] = '\'';
+ /* fall-through */
+ default:
+ cmd[y++] = str[x];
}
}
- cmd[l++] = '\'';
- cmd[l] = '\0';
+ cmd[y++] = '\'';
+ cmd[y] = '\0';
return cmd;
}
/* }}} */
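Review bot: Both rewritten functions store `strlen(str)` in the `int` variable `l` and compute the allocation sizes `2 * l + 1` (php_escape_shell_cmd) and `4 * l + 3` (php_escape_shell_arg) in `int`, so a sufficiently long input overflows the multiplication and `emalloc` can return a buffer smaller than what the copy loop then writes. Because these routines escape strings on their way to a shell, the length should be bounded before allocating, for example `if (l < 0 || l > (INT_MAX - 3) / 4) { /* reject: escaped length not representable */ }` ahead of `cmd = emalloc(4 * l + 3);`, with the analogous `(INT_MAX - 1) / 2` bound in php_escape_shell_cmd. Moving `x`, `y` and `l` to `size_t` would also remove the signed conversion from `strlen()`. How a rejection is reported depends on the callers, which are not visible in this hunk. The empty `php_escape_shell_arg` header comment could additionally state that each `'` expands to `'\''` (hence the `4 * l + 3` worst case) and that the function returns a newly `emalloc`'d string.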