[TYPO3-core] RFC #16656 : bug : ImageMagick does not work with quotes in exec() path on Windows
Helmut Hummel
helmut.hummel at typo3.org
Sun Jan 2 14:31:00 CET 2011
Hi,
On 29.12.10 23:12, Jigal van Hemert wrote:
>
> On 21-12-2010 17:16, Helmut Hummel wrote:
>>
>> That's why escapeshellarg()was added around the im/gm path, but as
>> mentioned in #16755 this is wrong and escapeshellcmd would be
>> sufficient. Did you test this?
>
> escapeshellcmd() does not add quotes around the argument. So it is
> useless for handling paths to executables with spaces in them.
Sorry Jigal, you're absolutely right!
> I don't know all file systems available on Windows, *nix, etc., but if
> one of them allows quotes or double quotes in parts of the path or file
> name these quotes must be escaped. It still feels appropriate to use
> escapeshellarg() for this.
>
> Now that we have t3lib_utility_Command, I've adapted the patch to use
> that class. Attached v2.
+1 by reading, I try to reproduce the error and test the fix, I was not
able to do so until now.
Kind regards,
Helmut
--
Helmut Hummel
TYPO3 Security Team Leader
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the TYPO3-team-core
mailing list