revert changes to fix bug #60116.

2024-09-23 10:57:26 +00:00 · 2011-11-11 14:52:56 +00:00 · 2011-11-11 14:52:56 +00:00 · 40a951ccad
commit 40a951ccad
parent d39dbdee24
5 changed files with 8 additions and 206 deletions
--- a/2
+++ b/2
@ -3,8 +3,6 @@ PHP                                                                        NEWS
 ?? ??? 2011, PHP 5.4.0 RC2

 - Core:
-  . Fixed bug #60116 (escapeshellcmd() cannot escape the characters 
-     which cause shell command injection). (rui)
  . Fixed bug #60227 (header() cannot detect the multi-line header with 
     CR(0x0D)). (rui)

--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@ -3583,7 +3583,6 @@ PHP_MINIT_FUNCTION(basic) /* {{{ */
 #endif

 	register_phpinfo_constants(INIT_FUNC_ARGS_PASSTHRU);
-	register_exec_constants(INIT_FUNC_ARGS_PASSTHRU);
 	register_html_constants(INIT_FUNC_ARGS_PASSTHRU);
 	register_string_constants(INIT_FUNC_ARGS_PASSTHRU);

--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@ -50,16 +50,6 @@
 #include <unistd.h>
 #endif

-/* {{{ register_exec_constants
- *  */
-void register_exec_constants(INIT_FUNC_ARGS)
-{
-    REGISTER_LONG_CONSTANT("ESCAPE_CMD_PAIR", ESCAPE_CMD_PAIR, CONST_PERSISTENT|CONST_CS);
-    REGISTER_LONG_CONSTANT("ESCAPE_CMD_END", ESCAPE_CMD_END, CONST_PERSISTENT|CONST_CS);
-    REGISTER_LONG_CONSTANT("ESCAPE_CMD_ALL", ESCAPE_CMD_ALL, CONST_PERSISTENT|CONST_CS);
-}
-/* }}} */
-
 /* {{{ php_exec
 * If type==0, only last line of output is returned (exec)
 * If type==1, all lines will be printed and last lined returned (system)
@ -248,7 +238,7 @@ PHP_FUNCTION(passthru)

   *NOT* safe for binary strings
 */
-PHPAPI char *php_escape_shell_cmd_ex(char *str, int flag)
+PHPAPI char *php_escape_shell_cmd(char *str)
 {
 	register int x, y, l = strlen(str);
 	char *cmd;
@ -276,25 +266,13 @@ PHPAPI char *php_escape_shell_cmd_ex(char *str, int flag)
 #ifndef PHP_WIN32
 			case '"':
 			case '\'':
-				if (flag == ESCAPE_CMD_ALL) {
+				if (!p && (p = memchr(str + x + 1, str[x], l - x - 1))) {
+					/* noop */
+				} else if (p && *p == str[x]) {
+					p = NULL;
+				} else {
 					cmd[y++] = '\\';
 					cmd[y++] = str[x];
-				} else if (flag == ESCAPE_CMD_END) {
-					if ((x == 0 || x == l - 1) && (str[0] == str[l-1])) {
-						cmd[y++] = str[x];
-                    } else {
-                        cmd[y++] = '\\';
-                        cmd[y++] = str[x];
-                    }
-				} else { /* ESCAPE_CMD_PAIR */
-					if (!p && (p = memchr(str + x + 1, str[x], l - x - 1))) {
-						/* noop */
-					} else if (p && *p == str[x]) {
-						p = NULL;
-					} else {
-						cmd[y++] = '\\';
-					}
-					cmd[y++] = str[x];
 				}
 				break;
 #else
@ -349,14 +327,6 @@ PHPAPI char *php_escape_shell_cmd_ex(char *str, int flag)
 }
 /* }}} */

-/* {{{ php_escape_shell_cmd
- */
-PHPAPI char *php_escape_shell_cmd(char *str)
-{
-    return php_escape_shell_cmd_ex(str, ESCAPE_CMD_PAIR);
-}
-/* }}} */
-
 /* {{{ php_escape_shell_arg
 */
 PHPAPI char *php_escape_shell_arg(char *str)
@ -427,15 +397,14 @@ PHP_FUNCTION(escapeshellcmd)
 {
 	char *command;
 	int command_len;
-	long flag = ESCAPE_CMD_PAIR;
 	char *cmd = NULL;

-	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|l", &command, &command_len, &flag) == FAILURE) {
+	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &command, &command_len) == FAILURE) {
 		return;
 	}

 	if (command_len) {
-		cmd = php_escape_shell_cmd_ex(command, flag);
+		cmd = php_escape_shell_cmd(command);
 		RETVAL_STRING(cmd, 0);
 	} else {
 		RETVAL_EMPTY_STRING();
--- a/ext/standard/exec.h
+++ b/ext/standard/exec.h
@ -21,10 +21,6 @@
 #ifndef EXEC_H
 #define EXEC_H

-#define ESCAPE_CMD_PAIR  0 
-#define ESCAPE_CMD_END   1 
-#define ESCAPE_CMD_ALL   2
-
 PHP_FUNCTION(system);
 PHP_FUNCTION(exec);
 PHP_FUNCTION(escapeshellcmd);
--- a/ext/standard/tests/general_functions/bug60116.phpt
+++ b/ext/standard/tests/general_functions/bug60116.phpt
@ -1,160 +0,0 @@
--TEST--
-Test escapeshellcmd() to escape the quotation
--SKIPIF--
-<?php
-if( substr(PHP_OS, 0, 3) == 'WIN' ) {
-   die('skip...Invalid for Windows');
-}
-?>
--FILE--
-<?php
-echo "*** Testing escapeshellcmd() escape the quotation ***\n";
-$data = array(
-	'"abc',
-	"'abc",
-	'?<>',
-	'()[]{}$',
-	'%^',
-	'#&;`|*?',
-	'~<>\\',
-	'%NOENV%',
-	"abc' 'def",
-	'abc" "def',
-	"'abc def'",
-	'"abc def"',
-);
-
-echo "case: default\n";
-
-$count = 1;
-foreach ($data AS $value) {
-	echo "-- Test " . $count++ . " --\n";
-	var_dump(escapeshellcmd($value));
-}
-
-echo "case: ESCAPE_CMD_PAIR\n";
-$count = 1;
-foreach ($data AS $value) {
-	echo "-- Test " . $count++ . " --\n";
-	var_dump(escapeshellcmd($value, ESCAPE_CMD_PAIR));
-}
-
-echo "case: ESCAPE_CMD_END\n";
-$count = 1;
-foreach ($data AS $value) {
-	echo "-- Test " . $count++ . " --\n";
-	var_dump(escapeshellcmd($value, ESCAPE_CMD_END));
-}
-
-echo "case: ESCAPE_CMD_ALL\n";
-$count = 1;
-foreach ($data AS $value) {
-	echo "-- Test " . $count++ . " --\n";
-	var_dump(escapeshellcmd($value, ESCAPE_CMD_ALL));
-}
-
-echo "Done\n";
-?>
--EXPECTF--
-*** Testing escapeshellcmd() escape the quotation ***
-case: default
-- Test 1 --
-string(5) "\"abc"
-- Test 2 --
-string(5) "\'abc"
-- Test 3 --
-string(6) "\?\<\>"
-- Test 4 --
-string(14) "\(\)\[\]\{\}\$"
-- Test 5 --
-string(3) "%\^"
-- Test 6 --
-string(14) "\#\&\;\`\|\*\?"
-- Test 7 --
-string(8) "\~\<\>\\"
-- Test 8 --
-string(7) "%NOENV%"
-- Test 9 --
-string(9) "abc' 'def"
-- Test 10 --
-string(9) "abc" "def"
-- Test 11 --
-string(9) "'abc def'"
-- Test 12 --
-string(9) ""abc def""
-case: ESCAPE_CMD_PAIR
-- Test 1 --
-string(5) "\"abc"
-- Test 2 --
-string(5) "\'abc"
-- Test 3 --
-string(6) "\?\<\>"
-- Test 4 --
-string(14) "\(\)\[\]\{\}\$"
-- Test 5 --
-string(3) "%\^"
-- Test 6 --
-string(14) "\#\&\;\`\|\*\?"
-- Test 7 --
-string(8) "\~\<\>\\"
-- Test 8 --
-string(7) "%NOENV%"
-- Test 9 --
-string(9) "abc' 'def"
-- Test 10 --
-string(9) "abc" "def"
-- Test 11 --
-string(9) "'abc def'"
-- Test 12 --
-string(9) ""abc def""
-case: ESCAPE_CMD_END
-- Test 1 --
-string(5) "\"abc"
-- Test 2 --
-string(5) "\'abc"
-- Test 3 --
-string(6) "\?\<\>"
-- Test 4 --
-string(14) "\(\)\[\]\{\}\$"
-- Test 5 --
-string(3) "%\^"
-- Test 6 --
-string(14) "\#\&\;\`\|\*\?"
-- Test 7 --
-string(8) "\~\<\>\\"
-- Test 8 --
-string(7) "%NOENV%"
-- Test 9 --
-string(11) "abc\' \'def"
-- Test 10 --
-string(11) "abc\" \"def"
-- Test 11 --
-string(9) "'abc def'"
-- Test 12 --
-string(9) ""abc def""
-case: ESCAPE_CMD_ALL
-- Test 1 --
-string(5) "\"abc"
-- Test 2 --
-string(5) "\'abc"
-- Test 3 --
-string(6) "\?\<\>"
-- Test 4 --
-string(14) "\(\)\[\]\{\}\$"
-- Test 5 --
-string(3) "%\^"
-- Test 6 --
-string(14) "\#\&\;\`\|\*\?"
-- Test 7 --
-string(8) "\~\<\>\\"
-- Test 8 --
-string(7) "%NOENV%"
-- Test 9 --
-string(11) "abc\' \'def"
-- Test 10 --
-string(11) "abc\" \"def"
-- Test 11 --
-string(11) "\'abc def\'"
-- Test 12 --
-string(11) "\"abc def\""
-Done