ID: 15157
Updated by: torben
Old Summary: exec()/system() doesn't work with parameters in
quotation-marks in system-call
Reported By: [EMAIL PROTECTED]
Status: Analyzed
Bug Type: Documentation problem
Operating System: Linux (Debian) / Solaris 8
PHP Version: 4.1.0
New Comment:
None that I'm aware of at the moment, but I don't use
safe_mode much so that doesn't necessarily mean anything. :)
The other problem is that it's 3:33 in the morning here and
I'm just about unable to think straight. For the time being,
if you have access to the server configs, maybe you can just
turn off safe_mode for that host?
Good night,
Torben
Previous Comments:
------------------------------------------------------------------------
[2002-01-22 06:30:28] [EMAIL PROTECTED]
I forgot to mention, that in safe_mode the whois like Torben described
didn't work. argdump returns, that "Dirk" and "Janssen" are different
parameters.
No solution for safe-mode?
Oliver
------------------------------------------------------------------------
[2002-01-22 06:24:59] [EMAIL PROTECTED]
You got it! When I disable the safe_mode, the following works:
exec('whois -h whois.denic.de "Dirk Janssen"',$output);
The little c-prog returns now (safe-mode off) the right output.
But please tell me: Is it possible to execute a command like this
whois-call in safe-mode? I don't get it to work! And if not, whats the
solution?
Thanx for the support,
Oliver.
------------------------------------------------------------------------
[2002-01-22 06:10:22] [EMAIL PROTECTED]
Hartmut, you should reread the bug report.
Oliver,
I'm reopening this and reclassifying it as a Documentation
Problem. When safe_mode is on, the arguments are passed
through a function which escapes potentially dangerous
characters--including the quote characters. However, this
behaviour does not appear to be documented anywhere.
When I enable safe_mode, I get the result you describe.
However, when I remove the quotes and use this:
exec('whois -h whois.denic.de Dirk Janssen', $output);
...I get the proper result on line 14:
[14] => % No entries found for the selected source: "Dirk Janssen"
I take it you don't get the right result from an authorized
server?
Torben
------------------------------------------------------------------------
[2002-01-22 05:54:32] [EMAIL PROTECTED]
please compile this little C program 'argdump'
---8<----- argdump.c --------------------------------
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char **argv) {
int i;
for(i=0;i<argc;i++) printf("%d: %s\n",i,argv[i]);
return EXIT_SUCCESS;
}
---------------------------------------->8-----------
and try the following PHP script (with argdump in $PATH)
---8<----- test.php --------------------------------
<?php
function do_exec($cmd) {
$res=array();
exec($cmd,$res);
echo "\n\n$cmd\n";
print_r($res);
}
do_exec("argdump -h whois.denic.de Penelope\ Cruz");
do_exec("argdump -h whois.denic.de \"Penelope\ Cruz\"");
do_exec("argdump -h whois.denic.de \"Penelope Cruz\"");
do_exec("argdump -h whois.denic.de 'Penelope\ Cruz'");
do_exec("argdump -h whois.denic.de ".'"'."Penelope Cruz".'"');
?>
---------------------------------------->8-----------
my results are:
argdump -h whois.denic.de Penelope\ Cruz
Array
(
[0] => 0: argdump
[1] => 1: -h
[2] => 2: whois.denic.de
[3] => 3: Penelope Cruz
)
argdump -h whois.denic.de "Penelope\ Cruz"
Array
(
[0] => 0: argdump
[1] => 1: -h
[2] => 2: whois.denic.de
[3] => 3: Penelope\ Cruz
)
argdump -h whois.denic.de "Penelope Cruz"
Array
(
[0] => 0: argdump
[1] => 1: -h
[2] => 2: whois.denic.de
[3] => 3: Penelope Cruz
)
argdump -h whois.denic.de 'Penelope\ Cruz'
Array
(
[0] => 0: argdump
[1] => 1: -h
[2] => 2: whois.denic.de
[3] => 3: Penelope\ Cruz
)
argdump -h whois.denic.de "Penelope Cruz"
Array
(
[0] => 0: argdump
[1] => 1: -h
[2] => 2: whois.denic.de
[3] => 3: Penelope Cruz
)
on *both* linux (SuSE 7.3) and Solaris (SunOS 5.5.1 and 5.7)
------------------------------------------------------------------------
[2002-01-22 05:45:28] [EMAIL PROTECTED]
I'm running safe-mode (of cause!) and have an symbolic link to
/usr/bin/whois in my safe-mode-exec-dir.
Oliver
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=15157
Edit this bug report at http://bugs.php.net/?id=15157&edit=1
