ID: 15157
Updated by: torben
Old Summary: exec()/system() doesn't work with parameters in
quotation-marks in system-call
Reported By: [EMAIL PROTECTED]
Status: Bogus
Bug Type: Program Execution
Operating System: Linux (Debian) / Solaris 8
PHP Version: 4.1.0
New Comment:
Run phpinfo(). Is safe_mode 'On' or 'Off'? You would get this
result if, for instance, safe_mode was 'On' and whois was
in your safe_mode_exec_dir.
Torben
Previous Comments:
------------------------------------------------------------------------
[2002-01-22 05:36:43] [EMAIL PROTECTED]
Did I mention, that I tried system(), too? It's just the desperate
attempt to get that thing to work.
In my opinion PHP doesn't allow to pass two or more words as one
parameter to a function.
Oliver.
------------------------------------------------------------------------
[2002-01-22 05:32:01] [EMAIL PROTECTED]
Yes, I know the difference. That's why I tried several ways
(with/without quotation marks, with stripslashes($command),
with/without escaped spaces ('\ ') ), but it didn't work.
I asked several colleagues for advice (PHP and Linux-Freaks), but we
found no solution. But tell me: Does the script work on your system?
Maybe I have an error in my configuration....
Greets,
Oliver.
------------------------------------------------------------------------
[2002-01-22 05:07:13] [EMAIL PROTECTED]
you know the difference between exec() and system()?
exec() executes the given program passing the arguments
verbatim while system() creates a new shell process
and passes the command to the shell for execution
with exec you have no argument processing like
wildcard matching and things at all so your
quote characters will stay in the input
------------------------------------------------------------------------
[2002-01-22 04:47:37] [EMAIL PROTECTED]
I did cut an paste your Script. On the Debian-System (which is not
authorized @denic to search for a person) it returns on line 14:
% No entries found for the selected source: ""Dirk Janssen""
It seems as if the quotation marks are passed thru. When I call the
command on the shell, it returns (line 14 again):
% No entries found for the selected source: "Dirk Janssen"
Watch the quotation marks! And that's the problem (maybe a bug) I
think. The result in the shell is ok, since the host is not authorized
to search for people.
On the authorized solaris-box, the whois-call on the shell returns the
DENIC-Handle, etc.
The exec()-call (your cut'n'pasted script with "Dirk Janssen" as
searchstring) returns nothing. If I try it with "test.de", which
returns the info for the domain on the shell-call, the PHP-Script
returns the well-known output on line 14:
% No entries found for the selected source: ""test.de""
Once again, PHP seems to have a problem with the quotation-marks.
Ok, there is a difference: The quotation marks should not be passed
through to the whois-command. What whois needs is a parameter which has
the string 'Dirk Janssen' as value. PHP seems to send the string with
the quotation-marks - or when I try it without them - as two separated
parameters to the whois-function. Even if I try to connect the two
words with an '\ ' (escaped space). By the way, the escaped space works
on the shell:
shell> whois -h whois.denic.de Dirk\ Janssen
I don't know. I now do the whois-query through the socket, which is a
much better way then the exec()-alternative. But there must be a way to
do it with the exec()-command.....
Oliver.
------------------------------------------------------------------------
[2002-01-22 04:11:39] [EMAIL PROTECTED]
I'm running Debian here. Can you actually cut and paste
the script I posted before, and try it? The lines you posted
before wouldn't actually produce any output, which is why
I'm wondering...
Torben
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=15157
Edit this bug report at http://bugs.php.net/?id=15157&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
