iliaa Tue Apr 8 17:17:07 2008 UTC Modified files: (Branch: PHP_5_2) /php-src NEWS /php-src/ext/standard exec.c Log: MFB: Bug #44650 escaepshellscmd() does not check arg count (port from 5.3) http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1136&r2=1.2027.2.547.2.1137&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.1136 php-src/NEWS:1.2027.2.547.2.1137 --- php-src/NEWS:1.2027.2.547.2.1136 Tue Apr 8 14:11:49 2008 +++ php-src/NEWS Tue Apr 8 17:17:07 2008 @@ -3,6 +3,7 @@ ?? Apr 2008, PHP 5.2.6 - Fixed bug #44667 (proc_open() does not handle pipes with the mode 'wb' correctly). (Jani) +- Fixed bug #44650 (escaepshellscmd() does not check arg count). (Ilia) - Fixed bug #44591 (imagegif's filename parameter). (Felipe) - Fixed bug #32979 (OpenSSL stream->fd casts broken in 64-bit build) (stotty at tvnet dot hu) http://cvs.php.net/viewvc.cgi/php-src/ext/standard/exec.c?r1=1.113.2.3.2.9&r2=1.113.2.3.2.10&diff_format=u Index: php-src/ext/standard/exec.c diff -u php-src/ext/standard/exec.c:1.113.2.3.2.9 php-src/ext/standard/exec.c:1.113.2.3.2.10 --- php-src/ext/standard/exec.c:1.113.2.3.2.9 Sun Mar 30 12:17:39 2008 +++ php-src/ext/standard/exec.c Tue Apr 8 17:17:07 2008 @@ -16,7 +16,7 @@ | Ilia Alshanetsky <[EMAIL PROTECTED]> | +----------------------------------------------------------------------+ */ -/* $Id: exec.c,v 1.113.2.3.2.9 2008/03/30 12:17:39 felipe Exp $ */ +/* $Id: exec.c,v 1.113.2.3.2.10 2008/04/08 17:17:07 iliaa Exp $ */ #include <stdio.h> #include "php.h" 
@@ -400,18 +400,19 @@
 Escape shell metacharacters */
 PHP_FUNCTION(escapeshellcmd)
 {
- zval **arg1;
+ char *command;
+ int command_len;
 char *cmd = NULL;
- if (zend_get_parameters_ex(1, &arg1) == FAILURE) {
- WRONG_PARAM_COUNT;
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &command, &command_len) == FAILURE) {
+ return;
 }
-
- convert_to_string_ex(arg1);
- if (Z_STRLEN_PP(arg1)) {
- cmd = php_escape_shell_cmd(Z_STRVAL_PP(arg1));
- RETVAL_STRING(cmd, 1);
- efree(cmd);
+
+ if (command_len) {
+ cmd = php_escape_shell_cmd(command);
+ RETVAL_STRING(cmd, 0);
+ } else {
+ RETVAL_EMPTY_STRING();
 }
 }
 /* }}} */
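Review bot: In the new body `command_len` is only tested for zero, while `php_escape_shell_cmd(command)` receives just the pointer, so the helper cannot see the binary-safe length returned by the `"s"` specifier and presumably measures the string up to the first NUL byte. An argument containing an embedded NUL would then be escaped and returned only up to that byte, with the remainder silently dropped, which is risky for a function whose result callers treat as safe for a shell. Rejecting such input before the call, for example `if (strlen(command) != (size_t)command_len) { RETURN_FALSE; }` together with a warning, would make the mismatch explicit. Separately, `RETVAL_STRING(cmd, 0)` now hands `cmd` to the return value without a copy, which is only correct if the helper always returns a non-NULL emalloc'd buffer; a short comment such as `/* cmd is emalloc'd by php_escape_shell_cmd(); ownership passes to return_value */` would record that assumption.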