iliaa           Tue Apr  8 17:17:07 2008 UTC

  Modified files:              (Branch: PHP_5_2)
    /php-src    NEWS 
    /php-src/ext/standard       exec.c 
  Log:
  MFB: Bug #44650 escapeshellcmd() does not check arg count (port from 5.3)
  
  
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1136&r2=1.2027.2.547.2.1137&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.1136 php-src/NEWS:1.2027.2.547.2.1137
--- php-src/NEWS:1.2027.2.547.2.1136    Tue Apr  8 14:11:49 2008
+++ php-src/NEWS        Tue Apr  8 17:17:07 2008
@@ -3,6 +3,7 @@
 ?? Apr 2008, PHP 5.2.6
 - Fixed bug #44667 (proc_open() does not handle pipes with the mode 'wb'
   correctly). (Jani)
+- Fixed bug #44650 (escaepshellscmd() does not check arg count). (Ilia)
 - Fixed bug #44591 (imagegif's filename parameter). (Felipe)
 - Fixed bug #32979 (OpenSSL stream->fd casts broken in 64-bit build)
   (stotty at tvnet dot hu)
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/exec.c?r1=1.113.2.3.2.9&r2=1.113.2.3.2.10&diff_format=u
Index: php-src/ext/standard/exec.c
diff -u php-src/ext/standard/exec.c:1.113.2.3.2.9 
php-src/ext/standard/exec.c:1.113.2.3.2.10
--- php-src/ext/standard/exec.c:1.113.2.3.2.9   Sun Mar 30 12:17:39 2008
+++ php-src/ext/standard/exec.c Tue Apr  8 17:17:07 2008
@@ -16,7 +16,7 @@
    |         Ilia Alshanetsky <[EMAIL PROTECTED]>                             |
    +----------------------------------------------------------------------+
  */
-/* $Id: exec.c,v 1.113.2.3.2.9 2008/03/30 12:17:39 felipe Exp $ */
+/* $Id: exec.c,v 1.113.2.3.2.10 2008/04/08 17:17:07 iliaa Exp $ */
 
 #include <stdio.h>
 #include "php.h"
@@ -400,18 +400,19 @@
    Escape shell metacharacters */
 PHP_FUNCTION(escapeshellcmd)
 {
-       zval **arg1;
+       char *command;
+       int command_len;
        char *cmd = NULL;
 
-       if (zend_get_parameters_ex(1, &arg1) == FAILURE) {
-               WRONG_PARAM_COUNT;
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &command, 
&command_len) == FAILURE) {
+               return;
        }
-       
-       convert_to_string_ex(arg1);
-       if (Z_STRLEN_PP(arg1)) {
-               cmd = php_escape_shell_cmd(Z_STRVAL_PP(arg1));
-               RETVAL_STRING(cmd, 1);
-               efree(cmd);
+
+       if (command_len) {
+               cmd = php_escape_shell_cmd(command);
+               RETVAL_STRING(cmd, 0);
+       } else {
+               RETVAL_EMPTY_STRING();
        }
 }
 /* }}} */
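Review bot: `command_len` is used only as an emptiness test while `php_escape_shell_cmd(command)` receives just the pointer, so a `"s"` argument with an embedded NUL byte is presumably escaped only up to that byte (the helper's body is outside this hunk). The caller would then get back a shorter string than it passed in, with no diagnostic. Because this function is the sanitising boundary for data headed to a shell, I would reject such input right after parameter parsing, e.g. `if (strlen(command) != (size_t)command_len) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input string contains NULL bytes"); RETURN_FALSE; }`. Separately, `RETVAL_STRING(cmd, 0)` now hands the helper's buffer to the return value without the copy and `efree(cmd)` the old code used, which deserves a comment such as `/* no copy: return_value takes ownership of the emalloc'ed buffer */`.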


