diff options
| -rw-r--r-- | ext/standard/exec.c | 21 | ||||
| -rw-r--r-- | ext/standard/exec.h | 2 |
2 files changed, 20 insertions, 3 deletions
diff --git a/ext/standard/exec.c b/ext/standard/exec.c index a061266092..a855040a99 100644 --- a/ext/standard/exec.c +++ b/ext/standard/exec.c @@ -309,9 +309,14 @@ PHP_FUNCTION(exec) int arg_count = ZEND_NUM_ARGS(); int ret; - if (arg_count > 3 || zend_get_parameters_ex(arg_count, &arg1, &arg2, &arg3) == FAILURE) { + if (arg_count < 1 || arg_count > 3 || zend_get_parameters_ex(arg_count, &arg1, &arg2, &arg3) == FAILURE) { WRONG_PARAM_COUNT; } + + if (!Z_STRLEN_PP(arg1)) { + PHP_EMPTY_EXEC_PARAM; + } + switch (arg_count) { case 1: ret = php_Exec(0, Z_STRVAL_PP(arg1), NULL, return_value TSRMLS_CC); @@ -337,9 +342,14 @@ PHP_FUNCTION(system) int arg_count = ZEND_NUM_ARGS(); int ret; - if (arg_count > 2 || zend_get_parameters_ex(arg_count, &arg1, &arg2) == FAILURE) { + if (arg_count < 1 || arg_count > 2 || zend_get_parameters_ex(arg_count, &arg1, &arg2) == FAILURE) { WRONG_PARAM_COUNT; } + + if (!Z_STRLEN_PP(arg1)) { + PHP_EMPTY_EXEC_PARAM; + } + switch (arg_count) { case 1: ret = php_Exec(1, Z_STRVAL_PP(arg1), NULL, return_value TSRMLS_CC); @@ -361,9 +371,14 @@ PHP_FUNCTION(passthru) int arg_count = ZEND_NUM_ARGS(); int ret; - if (arg_count > 2 || zend_get_parameters_ex(arg_count, &arg1, &arg2) == FAILURE) { + if (arg_count < 1 || arg_count > 2 || zend_get_parameters_ex(arg_count, &arg1, &arg2) == FAILURE) { WRONG_PARAM_COUNT; } + + if (!Z_STRLEN_PP(arg1)) { + PHP_EMPTY_EXEC_PARAM; + } + switch (arg_count) { case 1: ret = php_Exec(3, Z_STRVAL_PP(arg1), NULL, return_value TSRMLS_CC); diff --git a/ext/standard/exec.h b/ext/standard/exec.h index 3f53895517..c1da04bd5a 100644 --- a/ext/standard/exec.h +++ b/ext/standard/exec.h @@ -35,4 +35,6 @@ char *php_escape_shell_cmd(char *); char *php_escape_shell_arg(char *); int php_Exec(int type, char *cmd, pval *array, pval *return_value TSRMLS_DC); +#define PHP_EMPTY_EXEC_PARAM { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot execute a blank command"); RETURN_FALSE; } + #endif /* EXEC_H */ |