This refers to bug 18843 ( http://bugs.php.net/bug.php?id=13843 )

I'm willing to give a shot at coding the fix for this bug, provided
that the proposed resolutions (below) are approved by somebody with
cvs commit powers.  Otherwise, let's discuss how to fix it some other
way.  Right now magic behavior of exec() and friends under safe mode
is not even documented anywhere (at least not under "Safe Mode" or
individual sections for each of the functions), and is the cause of
really unreasonable limitations.


Problem 1:
----------
Under safe mode a PHP programmer has no mechanism for passing command-line
parameters that contain spaces to programs with exec() et al.

Proposed Resolution:
--------------------

Allow an array to be passed as the first argument of exec() and
friends, with the following semantics:

o If the first argument is a string, the functions' semantics
  is the same as it is now.  This way the new interface is 100%
  backward-compatible.

o If the first argument is an array, we assume that:
  - the first element of the array is the command to be executed,
  - and all other elements are command-line parameters
  - if PHP is in safe mode, quote each parameter separately

This way the command line and the parameters can be quoted properly
under safe mode, and still allow blanks in parameters.



Problem 2:
----------
Under safe mode a programmer has no mechanism to include "2>&1" in
the command line with exec() et al.

Proposed resolution:
--------------------

Given the interface improvement as explained above, if the
_last element_ of the array passed as the first parameter of exec() is
a token "2>&1", treat it as a special case and _don't_ magically
escape it under safe mode.


Many thanks,
-- 
Arcady Genkin
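
A sketch of the semantics proposed in the message above, as an added example that is not part of the original message or of PHP itself. The helper name build_safe_command() is hypothetical, only the safe-mode path is modelled, and using escapeshellcmd() for the command and escapeshellarg() for each parameter is an assumption about how "quote each parameter separately" would be done.

```php
<?php
// Added illustration; build_safe_command() is a hypothetical name, not a PHP API.
// It models only the safe-mode path of the proposal.
function build_safe_command($cmd): string
{
    // String form: semantics unchanged, so it is handed on as-is
    // (the existing safe-mode handling of strings is not modelled here).
    if (is_string($cmd)) {
        return $cmd;
    }
    if (!is_array($cmd) || count($cmd) === 0) {
        throw new InvalidArgumentException('expected a string or a non-empty array');
    }

    $args = array_values($cmd);               // ignore caller's keys, keep order
    $program = (string) array_shift($args);   // first element: the command

    // Special case from "Problem 2": only an exact "2>&1" token in the
    // last position is left unquoted.
    $redirect = '';
    if ($args !== [] && $args[count($args) - 1] === '2>&1') {
        array_pop($args);
        $redirect = ' 2>&1';
    }

    // Assumption: escapeshellcmd() for the command, escapeshellarg() per parameter.
    $line = escapeshellcmd($program);
    foreach ($args as $arg) {
        $line .= ' ' . escapeshellarg((string) $arg);
    }
    return $line . $redirect;
}

// Constructed sample inputs.
$samples = [
    ['grep', '-c', 'two words', '/tmp/my file.txt', '2>&1'], // blanks plus trailing redirect
    ['grep', '2>&1', 'pattern', 'file.txt'],                 // token not last: quoted as data
    ['grep', 'pattern', 'file.txt; 2>&1'],                   // not an exact token: quoted as data
];
foreach ($samples as $argv) {
    echo build_safe_command($argv), PHP_EOL;
}
```

Because the exemption matches only the exact last element, a parameter that merely contains "2>&1" or shell metacharacters is still quoted and reaches the program as a single argument.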
