[TYPO3-core] RFC #16656 : bug : ImageMagick does not work with quotes in exec() path on Windows

Jigal van Hemert jigal at xs4all.nl
Sun Jan 2 21:44:16 CET 2011


Hi,

On 2-1-2011 18:13, Helmut Hummel wrote:
> I still did not manage test this on Windows, but I'm pretty sure this
> will also fail on Windows if safe_mode is on, because in safe_mode
> escapeshellcmd() is executed[1], which means that all "&" are replaced
> by " ".[2]
>
> Then the complete command would be:
>
> c:   "c:/path/to/gm.exe"

The PHP documentation says that escapeshellcmd will replace a lot of 
characters with a space, but in reality it does not.

Check with:

<table border="1" cellpadding="4" cellspacing="0">
<?php
$format = '<tr align="center"><td>%s</td><td>%s</td><td>%s</td></tr>' . 
"\n";
printf ($format, 'ASCII', 'Character', 'Escaped');

for ($ord = 0; $ord < 256; ++$ord) {
     $chr = chr($ord);
     $esc = escapeshellcmd($chr);
     $chr != $esc and printf ($format, $ord, $chr, $esc);
}
?>
</table>


And you'll see exactly which characters are modified. Maybe the function 
behaves differently in safe_mode?

-- 
Kind regards / met vriendelijke groet,

Jigal van Hemert
skype:jigal.van.hemert
msn: jigal at xs4all.nl
http://twitter.com/jigalvh


More information about the TYPO3-team-core mailing list