MFH: Fixed bug #18291 (escapeshellcmd() can now handle quoted arguments)

author: Ilia Alshanetsky <iliaa@php.net> 2003-08-05 20:16:47 +0000
committer: Ilia Alshanetsky <iliaa@php.net> 2003-08-05 20:16:47 +0000
commit: 7c70a8f8c203d0cab6436d59cdd35325be5f686e (patch)
tree: 6cc3e2dd7e80aaeb10a5a6f4aa015f8cfa1d8652 /ext
parent: 1e76a637195ce02499f05f9004b18cdef03f7f0e (diff)
download: php-git-7c70a8f8c203d0cab6436d59cdd35325be5f686e.tar.gz
1 files changed, 12 insertions, 2 deletions
diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index 4c573c6032..80e247e11b 100644
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -401,18 +401,28 @@ PHP_FUNCTION(passthru)
 char *php_escape_shell_cmd(char *str) {
 	register int x, y, l;
 	char *cmd;
+	char *p = NULL;
 
 	l = strlen(str);
 	cmd = emalloc(2 * l + 1);
 	
 	for (x = 0, y = 0; x < l; x++) {
 		switch (str[x]) {
+			case '"':
+			case '\'':
+				if (!p && (p = memchr(str + x + 1, str[x], l - x - 1))) {
+					/* noop */
+				} else if (p && *p == str[x]) {
+					p = NULL;
+				} else {
+					cmd[y++] = '\\';
+				}
+				cmd[y++] = str[x];
+				break;
 			case '#': /* This is character-set independent */
 			case '&':
 			case ';':
 			case '`':
-			case '\'':
-			case '"':
 			case '|':
 			case '*':
 			case '?':
author	Ilia Alshanetsky <iliaa@php.net>	2003-08-05 20:16:47 +0000
committer	Ilia Alshanetsky <iliaa@php.net>	2003-08-05 20:16:47 +0000
commit	7c70a8f8c203d0cab6436d59cdd35325be5f686e (patch)
tree	6cc3e2dd7e80aaeb10a5a6f4aa015f8cfa1d8652 /ext
parent	1e76a637195ce02499f05f9004b18cdef03f7f0e (diff)
download	php-git-7c70a8f8c203d0cab6436d59cdd35325be5f686e.tar.gz