mirror of
https://github.com/php/php-src.git
synced 2024-09-23 10:57:26 +00:00
revert changes to fix bug #60116.
This commit is contained in:
parent
d39dbdee24
commit
40a951ccad
2
NEWS
2
NEWS
@ -3,8 +3,6 @@ PHP NEWS
|
||||
?? ??? 2011, PHP 5.4.0 RC2
|
||||
|
||||
- Core:
|
||||
. Fixed bug #60116 (escapeshellcmd() cannot escape the characters
|
||||
which cause shell command injection). (rui)
|
||||
. Fixed bug #60227 (header() cannot detect the multi-line header with
|
||||
CR(0x0D)). (rui)
|
||||
|
||||
|
@ -3583,7 +3583,6 @@ PHP_MINIT_FUNCTION(basic) /* {{{ */
|
||||
#endif
|
||||
|
||||
register_phpinfo_constants(INIT_FUNC_ARGS_PASSTHRU);
|
||||
register_exec_constants(INIT_FUNC_ARGS_PASSTHRU);
|
||||
register_html_constants(INIT_FUNC_ARGS_PASSTHRU);
|
||||
register_string_constants(INIT_FUNC_ARGS_PASSTHRU);
|
||||
|
||||
|
@ -50,16 +50,6 @@
|
||||
#include <unistd.h>
|
||||
#endif
|
||||
|
||||
/* {{{ register_exec_constants
|
||||
* */
|
||||
void register_exec_constants(INIT_FUNC_ARGS)
|
||||
{
|
||||
REGISTER_LONG_CONSTANT("ESCAPE_CMD_PAIR", ESCAPE_CMD_PAIR, CONST_PERSISTENT|CONST_CS);
|
||||
REGISTER_LONG_CONSTANT("ESCAPE_CMD_END", ESCAPE_CMD_END, CONST_PERSISTENT|CONST_CS);
|
||||
REGISTER_LONG_CONSTANT("ESCAPE_CMD_ALL", ESCAPE_CMD_ALL, CONST_PERSISTENT|CONST_CS);
|
||||
}
|
||||
/* }}} */
|
||||
|
||||
/* {{{ php_exec
|
||||
* If type==0, only last line of output is returned (exec)
|
||||
* If type==1, all lines will be printed and last lined returned (system)
|
||||
@ -248,7 +238,7 @@ PHP_FUNCTION(passthru)
|
||||
|
||||
*NOT* safe for binary strings
|
||||
*/
|
||||
PHPAPI char *php_escape_shell_cmd_ex(char *str, int flag)
|
||||
PHPAPI char *php_escape_shell_cmd(char *str)
|
||||
{
|
||||
register int x, y, l = strlen(str);
|
||||
char *cmd;
|
||||
@ -276,25 +266,13 @@ PHPAPI char *php_escape_shell_cmd_ex(char *str, int flag)
|
||||
#ifndef PHP_WIN32
|
||||
case '"':
|
||||
case '\'':
|
||||
if (flag == ESCAPE_CMD_ALL) {
|
||||
if (!p && (p = memchr(str + x + 1, str[x], l - x - 1))) {
|
||||
/* noop */
|
||||
} else if (p && *p == str[x]) {
|
||||
p = NULL;
|
||||
} else {
|
||||
cmd[y++] = '\\';
|
||||
cmd[y++] = str[x];
|
||||
} else if (flag == ESCAPE_CMD_END) {
|
||||
if ((x == 0 || x == l - 1) && (str[0] == str[l-1])) {
|
||||
cmd[y++] = str[x];
|
||||
} else {
|
||||
cmd[y++] = '\\';
|
||||
cmd[y++] = str[x];
|
||||
}
|
||||
} else { /* ESCAPE_CMD_PAIR */
|
||||
if (!p && (p = memchr(str + x + 1, str[x], l - x - 1))) {
|
||||
/* noop */
|
||||
} else if (p && *p == str[x]) {
|
||||
p = NULL;
|
||||
} else {
|
||||
cmd[y++] = '\\';
|
||||
}
|
||||
cmd[y++] = str[x];
|
||||
}
|
||||
break;
|
||||
#else
|
||||
@ -349,14 +327,6 @@ PHPAPI char *php_escape_shell_cmd_ex(char *str, int flag)
|
||||
}
|
||||
/* }}} */
|
||||
|
||||
/* {{{ php_escape_shell_cmd
|
||||
*/
|
||||
PHPAPI char *php_escape_shell_cmd(char *str)
|
||||
{
|
||||
return php_escape_shell_cmd_ex(str, ESCAPE_CMD_PAIR);
|
||||
}
|
||||
/* }}} */
|
||||
|
||||
/* {{{ php_escape_shell_arg
|
||||
*/
|
||||
PHPAPI char *php_escape_shell_arg(char *str)
|
||||
@ -427,15 +397,14 @@ PHP_FUNCTION(escapeshellcmd)
|
||||
{
|
||||
char *command;
|
||||
int command_len;
|
||||
long flag = ESCAPE_CMD_PAIR;
|
||||
char *cmd = NULL;
|
||||
|
||||
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|l", &command, &command_len, &flag) == FAILURE) {
|
||||
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &command, &command_len) == FAILURE) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (command_len) {
|
||||
cmd = php_escape_shell_cmd_ex(command, flag);
|
||||
cmd = php_escape_shell_cmd(command);
|
||||
RETVAL_STRING(cmd, 0);
|
||||
} else {
|
||||
RETVAL_EMPTY_STRING();
|
||||
|
@ -21,10 +21,6 @@
|
||||
#ifndef EXEC_H
|
||||
#define EXEC_H
|
||||
|
||||
#define ESCAPE_CMD_PAIR 0
|
||||
#define ESCAPE_CMD_END 1
|
||||
#define ESCAPE_CMD_ALL 2
|
||||
|
||||
PHP_FUNCTION(system);
|
||||
PHP_FUNCTION(exec);
|
||||
PHP_FUNCTION(escapeshellcmd);
|
||||
|
@ -1,160 +0,0 @@
|
||||
--TEST--
|
||||
Test escapeshellcmd() to escape the quotation
|
||||
--SKIPIF--
|
||||
<?php
|
||||
if( substr(PHP_OS, 0, 3) == 'WIN' ) {
|
||||
die('skip...Invalid for Windows');
|
||||
}
|
||||
?>
|
||||
--FILE--
|
||||
<?php
|
||||
echo "*** Testing escapeshellcmd() escape the quotation ***\n";
|
||||
$data = array(
|
||||
'"abc',
|
||||
"'abc",
|
||||
'?<>',
|
||||
'()[]{}$',
|
||||
'%^',
|
||||
'#&;`|*?',
|
||||
'~<>\\',
|
||||
'%NOENV%',
|
||||
"abc' 'def",
|
||||
'abc" "def',
|
||||
"'abc def'",
|
||||
'"abc def"',
|
||||
);
|
||||
|
||||
echo "case: default\n";
|
||||
|
||||
$count = 1;
|
||||
foreach ($data AS $value) {
|
||||
echo "-- Test " . $count++ . " --\n";
|
||||
var_dump(escapeshellcmd($value));
|
||||
}
|
||||
|
||||
echo "case: ESCAPE_CMD_PAIR\n";
|
||||
$count = 1;
|
||||
foreach ($data AS $value) {
|
||||
echo "-- Test " . $count++ . " --\n";
|
||||
var_dump(escapeshellcmd($value, ESCAPE_CMD_PAIR));
|
||||
}
|
||||
|
||||
echo "case: ESCAPE_CMD_END\n";
|
||||
$count = 1;
|
||||
foreach ($data AS $value) {
|
||||
echo "-- Test " . $count++ . " --\n";
|
||||
var_dump(escapeshellcmd($value, ESCAPE_CMD_END));
|
||||
}
|
||||
|
||||
echo "case: ESCAPE_CMD_ALL\n";
|
||||
$count = 1;
|
||||
foreach ($data AS $value) {
|
||||
echo "-- Test " . $count++ . " --\n";
|
||||
var_dump(escapeshellcmd($value, ESCAPE_CMD_ALL));
|
||||
}
|
||||
|
||||
echo "Done\n";
|
||||
?>
|
||||
--EXPECTF--
|
||||
*** Testing escapeshellcmd() escape the quotation ***
|
||||
case: default
|
||||
-- Test 1 --
|
||||
string(5) "\"abc"
|
||||
-- Test 2 --
|
||||
string(5) "\'abc"
|
||||
-- Test 3 --
|
||||
string(6) "\?\<\>"
|
||||
-- Test 4 --
|
||||
string(14) "\(\)\[\]\{\}\$"
|
||||
-- Test 5 --
|
||||
string(3) "%\^"
|
||||
-- Test 6 --
|
||||
string(14) "\#\&\;\`\|\*\?"
|
||||
-- Test 7 --
|
||||
string(8) "\~\<\>\\"
|
||||
-- Test 8 --
|
||||
string(7) "%NOENV%"
|
||||
-- Test 9 --
|
||||
string(9) "abc' 'def"
|
||||
-- Test 10 --
|
||||
string(9) "abc" "def"
|
||||
-- Test 11 --
|
||||
string(9) "'abc def'"
|
||||
-- Test 12 --
|
||||
string(9) ""abc def""
|
||||
case: ESCAPE_CMD_PAIR
|
||||
-- Test 1 --
|
||||
string(5) "\"abc"
|
||||
-- Test 2 --
|
||||
string(5) "\'abc"
|
||||
-- Test 3 --
|
||||
string(6) "\?\<\>"
|
||||
-- Test 4 --
|
||||
string(14) "\(\)\[\]\{\}\$"
|
||||
-- Test 5 --
|
||||
string(3) "%\^"
|
||||
-- Test 6 --
|
||||
string(14) "\#\&\;\`\|\*\?"
|
||||
-- Test 7 --
|
||||
string(8) "\~\<\>\\"
|
||||
-- Test 8 --
|
||||
string(7) "%NOENV%"
|
||||
-- Test 9 --
|
||||
string(9) "abc' 'def"
|
||||
-- Test 10 --
|
||||
string(9) "abc" "def"
|
||||
-- Test 11 --
|
||||
string(9) "'abc def'"
|
||||
-- Test 12 --
|
||||
string(9) ""abc def""
|
||||
case: ESCAPE_CMD_END
|
||||
-- Test 1 --
|
||||
string(5) "\"abc"
|
||||
-- Test 2 --
|
||||
string(5) "\'abc"
|
||||
-- Test 3 --
|
||||
string(6) "\?\<\>"
|
||||
-- Test 4 --
|
||||
string(14) "\(\)\[\]\{\}\$"
|
||||
-- Test 5 --
|
||||
string(3) "%\^"
|
||||
-- Test 6 --
|
||||
string(14) "\#\&\;\`\|\*\?"
|
||||
-- Test 7 --
|
||||
string(8) "\~\<\>\\"
|
||||
-- Test 8 --
|
||||
string(7) "%NOENV%"
|
||||
-- Test 9 --
|
||||
string(11) "abc\' \'def"
|
||||
-- Test 10 --
|
||||
string(11) "abc\" \"def"
|
||||
-- Test 11 --
|
||||
string(9) "'abc def'"
|
||||
-- Test 12 --
|
||||
string(9) ""abc def""
|
||||
case: ESCAPE_CMD_ALL
|
||||
-- Test 1 --
|
||||
string(5) "\"abc"
|
||||
-- Test 2 --
|
||||
string(5) "\'abc"
|
||||
-- Test 3 --
|
||||
string(6) "\?\<\>"
|
||||
-- Test 4 --
|
||||
string(14) "\(\)\[\]\{\}\$"
|
||||
-- Test 5 --
|
||||
string(3) "%\^"
|
||||
-- Test 6 --
|
||||
string(14) "\#\&\;\`\|\*\?"
|
||||
-- Test 7 --
|
||||
string(8) "\~\<\>\\"
|
||||
-- Test 8 --
|
||||
string(7) "%NOENV%"
|
||||
-- Test 9 --
|
||||
string(11) "abc\' \'def"
|
||||
-- Test 10 --
|
||||
string(11) "abc\" \"def"
|
||||
-- Test 11 --
|
||||
string(11) "\'abc def\'"
|
||||
-- Test 12 --
|
||||
string(11) "\"abc def\""
|
||||
Done
|
Loading…
Reference in New Issue
Block a user