From: [EMAIL PROTECTED] Operating system: Windows 2000 IIS 5 SP2 PHP version: 4.2.1 PHP Bug Type: *Directory/Filesystem functions Bug description: using exec
Why not just have php.exe call the cmd.exe in the system process? I'd recommend allowing a choice. Either pass the logged on user or let php handle exec() in the system process (default behavior). One already allows IUSR permissions to php.exe. That way you wouldn't have to worry about requests like this (all the nimda variants et al): '/scripts/..%c1%1c../winnt/system32/cmd.exe' Coming from the Microsoft world of programming for the past 9 years I see this as a bug. If you see it as a feature request, then so be it. -- Edit bug report at http://bugs.php.net/?id=17416&edit=1 -- Fixed in CVS: http://bugs.php.net/fix.php?id=17416&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=17416&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=17416&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=17416&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=17416&r=support Expected behavior: http://bugs.php.net/fix.php?id=17416&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=17416&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=17416&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=17416&r=globals
