ID: 15157
Comment by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Analyzed
Bug Type: Documentation problem
Operating System: Linux (Debian) / Solaris 8
PHP Version: 4.1.0
New Comment:
You got it! When I disable the safe_mode, the following works:
exec('whois -h whois.denic.de "Dirk Janssen"',$output);
The little c-prog returns now (safe-mode off) the right output.
But please tell me: Is it possible to execute a command like this
whois-call in safe-mode? I don't get it to work! And if not, whats the
solution?
Thanx for the support,
Oliver.
Previous Comments:
------------------------------------------------------------------------
[2002-01-22 06:10:22] [EMAIL PROTECTED]
Hartmut, you should reread the bug report.
Oliver,
I'm reopening this and reclassifying it as a Documentation
Problem. When safe_mode is on, the arguments are passed
through a function which escapes potentially dangerous
characters--including the quote characters. However, this
behaviour does not appear to be documented anywhere.
When I enable safe_mode, I get the result you describe.
However, when I remove the quotes and use this:
exec('whois -h whois.denic.de Dirk Janssen', $output);
...I get the proper result on line 14:
[14] => % No entries found for the selected source: "Dirk Janssen"
I take it you don't get the right result from an authorized
server?
Torben
------------------------------------------------------------------------
[2002-01-22 05:54:32] [EMAIL PROTECTED]
please compile this little C program 'argdump'
---8<----- argdump.c --------------------------------
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char **argv) {
int i;
for(i=0;i<argc;i++) printf("%d: %s\n",i,argv[i]);
return EXIT_SUCCESS;
}
---------------------------------------->8-----------
and try the following PHP script (with argdump in $PATH)
---8<----- test.php --------------------------------
<?php
function do_exec($cmd) {
$res=array();
exec($cmd,$res);
echo "\n\n$cmd\n";
print_r($res);
}
do_exec("argdump -h whois.denic.de Penelope\ Cruz");
do_exec("argdump -h whois.denic.de \"Penelope\ Cruz\"");
do_exec("argdump -h whois.denic.de \"Penelope Cruz\"");
do_exec("argdump -h whois.denic.de 'Penelope\ Cruz'");
do_exec("argdump -h whois.denic.de ".'"'."Penelope Cruz".'"');
?>
---------------------------------------->8-----------
my results are:
argdump -h whois.denic.de Penelope\ Cruz
Array
(
[0] => 0: argdump
[1] => 1: -h
[2] => 2: whois.denic.de
[3] => 3: Penelope Cruz
)
argdump -h whois.denic.de "Penelope\ Cruz"
Array
(
[0] => 0: argdump
[1] => 1: -h
[2] => 2: whois.denic.de
[3] => 3: Penelope\ Cruz
)
argdump -h whois.denic.de "Penelope Cruz"
Array
(
[0] => 0: argdump
[1] => 1: -h
[2] => 2: whois.denic.de
[3] => 3: Penelope Cruz
)
argdump -h whois.denic.de 'Penelope\ Cruz'
Array
(
[0] => 0: argdump
[1] => 1: -h
[2] => 2: whois.denic.de
[3] => 3: Penelope\ Cruz
)
argdump -h whois.denic.de "Penelope Cruz"
Array
(
[0] => 0: argdump
[1] => 1: -h
[2] => 2: whois.denic.de
[3] => 3: Penelope Cruz
)
on *both* linux (SuSE 7.3) and Solaris (SunOS 5.5.1 and 5.7)
------------------------------------------------------------------------
[2002-01-22 05:45:28] [EMAIL PROTECTED]
I'm running safe-mode (of cause!) and have an symbolic link to
/usr/bin/whois in my safe-mode-exec-dir.
Oliver
------------------------------------------------------------------------
[2002-01-22 05:42:03] [EMAIL PROTECTED]
Run phpinfo(). Is safe_mode 'On' or 'Off'? You would get this
result if, for instance, safe_mode was 'On' and whois was
in your safe_mode_exec_dir.
Torben
------------------------------------------------------------------------
[2002-01-22 05:36:43] [EMAIL PROTECTED]
Did I mention, that I tried system(), too? It's just the desperate
attempt to get that thing to work.
In my opinion PHP doesn't allow to pass two or more words as one
parameter to a function.
Oliver.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=15157
Edit this bug report at http://bugs.php.net/?id=15157&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
