[TYPO3-core] RFC bug: #16797: t3lib_stdGraphic::wrapFileName performs escapeshellarg even in safe_mode
Helmut Hummel
helmut.hummel at typo3.org
Tue Dec 28 15:52:32 CET 2010
Hi,
Am 21.12.2010 15:13, schrieb Jigal van Hemert:
>
> Problem:
> When safe_mode is on PHP will perform escapeshellcmd on each command
> sent to the exec() function. When escapeshellarg() is performed on each
> argument problem characters are escaped twice.
>
> Solution:
> only perform escapeshellarg() when safe_mode is off.
escapeshellcmd() is not escapeshellarg()
Skipping escapeshellarg() in safe mode could lead to problems with
filenames with spaces.
$file = 'foo bar.txt';
$cmd = 'cat ' . $file;
The command executed in safe mode would be:
cat foo bar.txt
which is not the same as:
cat 'foo bar.txt'
Besides that, your patch fixes another issue with uft-8 filenames. This
is important, but should be another RFC as it's totally unrelated to the
original problem.
Regards, Helmut
More information about the TYPO3-team-core
mailing list