-
Notifications
You must be signed in to change notification settings - Fork 105
/
Copy pathescapeshellcmd.xml
136 lines (127 loc) · 4.01 KB
/
escapeshellcmd.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
<?xml version="1.0" encoding="utf-8"?>
<!-- $Revision$ -->
<!-- EN-Revision: 62126c55f1c6ed444043e7272c4f9e233818a44b Maintainer: yuanyuqiang Status: ready -->
<!-- CREDITS: mowangjuanzi, Luffy -->
<!-- splitted from ./en/functions/exec.xml, last change in rev 1.2 -->
<refentry xml:id="function.escapeshellcmd" xmlns="http://docbook.org/ns/docbook">
<refnamediv>
<refname>escapeshellcmd</refname>
<refpurpose>shell 元字符转义</refpurpose>
</refnamediv>
<refsect1 role="description">
&reftitle.description;
<methodsynopsis>
<type>string</type><methodname>escapeshellcmd</methodname>
<methodparam><type>string</type><parameter>command</parameter></methodparam>
</methodsynopsis>
<para>
<function>escapeshellcmd</function> 对字符串中可能会欺骗
shell 命令执行任意命令的字符进行转义。
此函数保证用户输入的数据在传送到
<function>exec</function> 或
<function>system</function> 函数,或者 <link
linkend="language.operators.execution">执行操作符</link> 之前进行转义。
</para>
<para>
反斜线(\)会在以下字符之前插入:<literal>&#;`|*?~<>^()[]{}$\</literal>、<literal>\x0A</literal>
和 <literal>\xFF</literal>。 <literal>'</literal> 和 <literal>"</literal>
仅在不配对儿的时候被转义。在 Windows 平台上,所有这些字符以及 <literal>%</literal>
和 <literal>!</literal> 字符前面都有一个插入符号(<literal>^</literal>)。
</para>
</refsect1>
<refsect1 role="parameters">
&reftitle.parameters;
<para>
<variablelist>
<varlistentry>
<term><parameter>command</parameter></term>
<listitem>
<para>
要转义的命令。
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1 role="returnvalues">
&reftitle.returnvalues;
<para>
转义后的字符串。
</para>
</refsect1>
<refsect1 role="examples">
&reftitle.examples;
<para>
<example>
<title><function>escapeshellcmd</function> example</title>
<programlisting role="php">
<![CDATA[
<?php
// 我们故意允许任意数量的参数
$command = './configure '.$_POST['configure_options'];
$escaped_command = escapeshellcmd($command);
system($escaped_command);
?>
]]>
</programlisting>
</example>
</para>
</refsect1>
<refsect1 role="notes">
&reftitle.notes;
<warning xmlns="http://docbook.org/ns/docbook">
<para>
<function>escapeshellcmd</function> 应被用在完整的命令字符串上。
即使如此,攻击者还是可以传入任意数量的参数。
请使用 <function>escapeshellarg</function> 函数
对单个参数进行转义。
</para>
</warning>
<warning xmlns="http://docbook.org/ns/docbook">
<para>
<function>escapeshellcmd</function> 不会对空格转义,这在 Windows
上对这样的路径(比如<literal>C:\Program
Files\ProgramName\program.exe</literal>)可能会有出现问题。可以使用如下代码暂时解决:
<programlisting role="php">
<![CDATA[
<?php
$cmd = preg_replace('`(?<!^) `', '^ ', escapeshellcmd($cmd));
]]>
</programlisting>
</para>
</warning>
</refsect1>
<refsect1 role="seealso">
&reftitle.seealso;
<para>
<simplelist>
<member><function>escapeshellarg</function></member>
<member><function>exec</function></member>
<member><function>popen</function></member>
<member><function>system</function></member>
<member><link linkend="language.operators.execution">执行运算符</link></member>
</simplelist>
</para>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->