Hi Pierre,

I only tested on Linux.

This patch is not related to Win32, because the quotation is always
escaped on Win32.

I will add the test script within couple of days,
and I will updated the document soon.


Pierre Joye wrote:
> hi Rui,
> Did you test it that on other platforms than linux?
> It will also be nice to add tests case for this as this function
> (actually both escape args and cmds) has suffered from lack of testing
> on all platforms in the last php releases.
> Btw, update the upgrading guide too :)
> On Sun, Oct 23, 2011 at 3:49 PM, Rui Hirokawa <hirok...@php.net> wrote:
>> hirokawa                                 Sun, 23 Oct 2011 13:49:54 +0000
>> Revision: http://svn.php.net/viewvc?view=revision&revision=318342
>> Log:
>> fixed bug #60116 escapeshellcmd() cannot escape the dangerous quotes.
>> Bug: https://bugs.php.net/60116 (Open) escapeshellcmd() cannot escape the 
>> chars which causes shell injection.
>> Changed paths:
>>    U   php/php-src/trunk/ext/standard/basic_functions.c
>>    U   php/php-src/trunk/ext/standard/exec.c
>>    U   php/php-src/trunk/ext/standard/exec.h

PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to