Hi Pierre, I only tested on Linux.
This patch is not related to Win32, because the quotation is always escaped on Win32. I will add the test script within couple of days, and I will updated the document soon. Rui Pierre Joye wrote: > hi Rui, > > Did you test it that on other platforms than linux? > > It will also be nice to add tests case for this as this function > (actually both escape args and cmds) has suffered from lack of testing > on all platforms in the last php releases. > > Btw, update the upgrading guide too :) > > On Sun, Oct 23, 2011 at 3:49 PM, Rui Hirokawa <hirok...@php.net> wrote: >> hirokawa Sun, 23 Oct 2011 13:49:54 +0000 >> >> Revision: http://svn.php.net/viewvc?view=revision&revision=318342 >> >> Log: >> fixed bug #60116 escapeshellcmd() cannot escape the dangerous quotes. >> >> Bug: https://bugs.php.net/60116 (Open) escapeshellcmd() cannot escape the >> chars which causes shell injection. >> >> Changed paths: >> U php/php-src/trunk/ext/standard/basic_functions.c >> U php/php-src/trunk/ext/standard/exec.c >> U php/php-src/trunk/ext/standard/exec.h >> -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php