#32701 [Opn]: Safe-mode popen(): escaping problem

kosmo at miechow dot com Thu, 14 Apr 2005 00:24:26 -0700

 ID:               32701
 User updated by:  kosmo at miechow dot com
 Reported By:      kosmo at miechow dot com
 Status:           Open
 Bug Type:         Filesystem function related
 Operating System: Linux
 PHP Version:      5.0.4
 New Comment:


Description:
------------
In safe-mode popen() is escaping command line by calling
php_escape_shell_cmd(). This funcion escaping command line,
and changing valid command arguments. IMHO there should be any way to
disable this escaping in safe-mode.

Reproduce code:
---------------
<?php
$r = popen("echo '-=< Test >=-'", "r");
print(stream_get_contents($r));
pclose($r);
?>

Expected result:
----------------
-=< Test >=-

Actual result:
--------------
-=\< Test \>=-


Previous Comments:
------------------------------------------------------------------------

[2005-04-14 09:22:15] kosmo at miechow dot com

Description:
------------
In safe-mode popen() is escaping command line by calling
php_escape_shell_cmd(). This funcion escaping command line,
and changing valid command arguments. IMHO there should be any way to
disable this escaping and run in safe-mode.

Reproduce code:
---------------
<?php
$r = popen("echo '-=< Test >=-'", "r");
print(stream_get_contents($r));
pclose($r);
?>


Expected result:
----------------
-=< Test >=-

Actual result:
--------------
-=\< Test \>=-


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=32701&edit=1

#32701 [Opn]: Safe-mode popen(): escaping problem

Reply via email to