mirror of
https://github.com/php/php-src.git
synced 2025-08-15 13:38:49 +02:00
560 lines
12 KiB
C
560 lines
12 KiB
C
/*
|
|
+----------------------------------------------------------------------+
|
|
| Copyright (c) The PHP Group |
|
|
+----------------------------------------------------------------------+
|
|
| This source file is subject to version 3.01 of the PHP license, |
|
|
| that is bundled with this package in the file LICENSE, and is |
|
|
| available through the world-wide-web at the following url: |
|
|
| https://www.php.net/license/3_01.txt |
|
|
| If you did not receive a copy of the PHP license and are unable to |
|
|
| obtain it through the world-wide-web, please send a note to |
|
|
| license@php.net so we can mail you a copy immediately. |
|
|
+----------------------------------------------------------------------+
|
|
| Author: Rasmus Lerdorf <rasmus@php.net> |
|
|
| Ilia Alshanetsky <iliaa@php.net> |
|
|
+----------------------------------------------------------------------+
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
#include "php.h"
|
|
#include <ctype.h>
|
|
#include "php_string.h"
|
|
#include "ext/standard/file.h"
|
|
#include "basic_functions.h"
|
|
#include "exec.h"
|
|
#include "SAPI.h"
|
|
|
|
#ifdef HAVE_SYS_WAIT_H
|
|
#include <sys/wait.h>
|
|
#endif
|
|
|
|
#include <signal.h>
|
|
|
|
#ifdef HAVE_SYS_TYPES_H
|
|
#include <sys/types.h>
|
|
#endif
|
|
#ifdef HAVE_SYS_STAT_H
|
|
#include <sys/stat.h>
|
|
#endif
|
|
#ifdef HAVE_FCNTL_H
|
|
#include <fcntl.h>
|
|
#endif
|
|
|
|
#ifdef HAVE_UNISTD_H
|
|
#include <unistd.h>
|
|
#endif
|
|
|
|
#include <limits.h>
|
|
|
|
#ifdef PHP_WIN32
|
|
# include "win32/nice.h"
|
|
#endif
|
|
|
|
static size_t cmd_max_len;
|
|
|
|
/* {{{ PHP_MINIT_FUNCTION(exec) */
|
|
PHP_MINIT_FUNCTION(exec)
|
|
{
|
|
#ifdef _SC_ARG_MAX
|
|
cmd_max_len = sysconf(_SC_ARG_MAX);
|
|
if ((size_t)-1 == cmd_max_len) {
|
|
#ifdef _POSIX_ARG_MAX
|
|
cmd_max_len = _POSIX_ARG_MAX;
|
|
#else
|
|
cmd_max_len = 4096;
|
|
#endif
|
|
}
|
|
#elif defined(ARG_MAX)
|
|
cmd_max_len = ARG_MAX;
|
|
#elif defined(PHP_WIN32)
|
|
/* Executed commands will run through cmd.exe. As long as it's the case,
|
|
it's just the constant limit.*/
|
|
cmd_max_len = 8192;
|
|
#else
|
|
/* This is just an arbitrary value for the fallback case. */
|
|
cmd_max_len = 4096;
|
|
#endif
|
|
|
|
return SUCCESS;
|
|
}
|
|
/* }}} */
|
|
|
|
static size_t strip_trailing_whitespace(char *buf, size_t bufl) {
|
|
size_t l = bufl;
|
|
while (l-- > 0 && isspace(((unsigned char *)buf)[l]));
|
|
if (l != (bufl - 1)) {
|
|
bufl = l + 1;
|
|
buf[bufl] = '\0';
|
|
}
|
|
return bufl;
|
|
}
|
|
|
|
static size_t handle_line(int type, zval *array, char *buf, size_t bufl) {
|
|
if (type == 1) {
|
|
PHPWRITE(buf, bufl);
|
|
if (php_output_get_level() < 1) {
|
|
sapi_flush();
|
|
}
|
|
} else if (type == 2) {
|
|
bufl = strip_trailing_whitespace(buf, bufl);
|
|
add_next_index_stringl(array, buf, bufl);
|
|
}
|
|
return bufl;
|
|
}
|
|
|
|
/* {{{ php_exec
|
|
* If type==0, only last line of output is returned (exec)
|
|
* If type==1, all lines will be printed and last lined returned (system)
|
|
* If type==2, all lines will be saved to given array (exec with &$array)
|
|
* If type==3, output will be printed binary, no lines will be saved or returned (passthru)
|
|
*
|
|
*/
|
|
PHPAPI int php_exec(int type, const char *cmd, zval *array, zval *return_value)
|
|
{
|
|
FILE *fp;
|
|
char *buf;
|
|
int pclose_return;
|
|
char *b, *d=NULL;
|
|
php_stream *stream;
|
|
size_t buflen, bufl = 0;
|
|
#if PHP_SIGCHILD
|
|
void (*sig_handler)(int) = signal(SIGCHLD, SIG_DFL);
|
|
#endif
|
|
|
|
#ifdef PHP_WIN32
|
|
fp = VCWD_POPEN(cmd, "rb");
|
|
#else
|
|
fp = VCWD_POPEN(cmd, "r");
|
|
#endif
|
|
if (!fp) {
|
|
php_error_docref(NULL, E_WARNING, "Unable to fork [%s]", cmd);
|
|
goto err;
|
|
}
|
|
|
|
stream = php_stream_fopen_from_pipe(fp, "rb");
|
|
|
|
buf = (char *) emalloc(EXEC_INPUT_BUF);
|
|
buflen = EXEC_INPUT_BUF;
|
|
|
|
if (type != 3) {
|
|
b = buf;
|
|
|
|
while (php_stream_get_line(stream, b, EXEC_INPUT_BUF, &bufl)) {
|
|
/* no new line found, let's read some more */
|
|
if (b[bufl - 1] != '\n' && !php_stream_eof(stream)) {
|
|
if (buflen < (bufl + (b - buf) + EXEC_INPUT_BUF)) {
|
|
bufl += b - buf;
|
|
buflen = bufl + EXEC_INPUT_BUF;
|
|
buf = erealloc(buf, buflen);
|
|
b = buf + bufl;
|
|
} else {
|
|
b += bufl;
|
|
}
|
|
continue;
|
|
} else if (b != buf) {
|
|
bufl += b - buf;
|
|
}
|
|
|
|
bufl = handle_line(type, array, buf, bufl);
|
|
b = buf;
|
|
}
|
|
if (bufl) {
|
|
if (buf != b) {
|
|
/* Process remaining output */
|
|
bufl = handle_line(type, array, buf, bufl);
|
|
}
|
|
|
|
/* Return last line from the shell command */
|
|
bufl = strip_trailing_whitespace(buf, bufl);
|
|
RETVAL_STRINGL(buf, bufl);
|
|
} else { /* should return NULL, but for BC we return "" */
|
|
RETVAL_EMPTY_STRING();
|
|
}
|
|
} else {
|
|
ssize_t read;
|
|
while ((read = php_stream_read(stream, buf, EXEC_INPUT_BUF)) > 0) {
|
|
PHPWRITE(buf, read);
|
|
}
|
|
}
|
|
|
|
pclose_return = php_stream_close(stream);
|
|
efree(buf);
|
|
|
|
done:
|
|
#if PHP_SIGCHILD
|
|
if (sig_handler) {
|
|
signal(SIGCHLD, sig_handler);
|
|
}
|
|
#endif
|
|
if (d) {
|
|
efree(d);
|
|
}
|
|
return pclose_return;
|
|
err:
|
|
pclose_return = -1;
|
|
RETVAL_FALSE;
|
|
goto done;
|
|
}
|
|
/* }}} */
|
|
|
|
static void php_exec_ex(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */
|
|
{
|
|
zend_string *cmd;
|
|
zval *ret_code=NULL, *ret_array=NULL;
|
|
int ret;
|
|
|
|
ZEND_PARSE_PARAMETERS_START(1, (mode ? 2 : 3))
|
|
Z_PARAM_PATH_STR(cmd)
|
|
Z_PARAM_OPTIONAL
|
|
if (!mode) {
|
|
Z_PARAM_ZVAL(ret_array)
|
|
}
|
|
Z_PARAM_ZVAL(ret_code)
|
|
ZEND_PARSE_PARAMETERS_END();
|
|
|
|
if (UNEXPECTED(!ZSTR_LEN(cmd))) {
|
|
zend_argument_must_not_be_empty_error(1);
|
|
RETURN_THROWS();
|
|
}
|
|
|
|
if (!ret_array) {
|
|
ret = php_exec(mode, ZSTR_VAL(cmd), NULL, return_value);
|
|
} else {
|
|
if (Z_TYPE_P(Z_REFVAL_P(ret_array)) == IS_ARRAY) {
|
|
ZVAL_DEREF(ret_array);
|
|
SEPARATE_ARRAY(ret_array);
|
|
} else {
|
|
ret_array = zend_try_array_init(ret_array);
|
|
if (!ret_array) {
|
|
RETURN_THROWS();
|
|
}
|
|
}
|
|
|
|
ret = php_exec(2, ZSTR_VAL(cmd), ret_array, return_value);
|
|
}
|
|
if (ret_code) {
|
|
ZEND_TRY_ASSIGN_REF_LONG(ret_code, ret);
|
|
}
|
|
}
|
|
/* }}} */
|
|
|
|
/* {{{ Execute an external program */
|
|
PHP_FUNCTION(exec)
|
|
{
|
|
php_exec_ex(INTERNAL_FUNCTION_PARAM_PASSTHRU, 0);
|
|
}
|
|
/* }}} */
|
|
|
|
/* {{{ Execute an external program and display output */
|
|
PHP_FUNCTION(system)
|
|
{
|
|
php_exec_ex(INTERNAL_FUNCTION_PARAM_PASSTHRU, 1);
|
|
}
|
|
/* }}} */
|
|
|
|
/* {{{ Execute an external program and display raw output */
|
|
PHP_FUNCTION(passthru)
|
|
{
|
|
php_exec_ex(INTERNAL_FUNCTION_PARAM_PASSTHRU, 3);
|
|
}
|
|
/* }}} */
|
|
|
|
/* {{{ php_escape_shell_cmd
|
|
Escape all chars that could possibly be used to
|
|
break out of a shell command
|
|
|
|
This function returns an owned zend_string, remember to release it when done.
|
|
|
|
*NOT* safe for binary strings
|
|
*/
|
|
PHPAPI zend_string *php_escape_shell_cmd(const zend_string *unescaped_cmd)
|
|
{
|
|
size_t x, y;
|
|
zend_string *cmd;
|
|
#ifndef PHP_WIN32
|
|
char *p = NULL;
|
|
#endif
|
|
|
|
ZEND_ASSERT(!zend_str_has_nul_byte(unescaped_cmd) && "Must be a binary safe string");
|
|
size_t l = ZSTR_LEN(unescaped_cmd);
|
|
const char *str = ZSTR_VAL(unescaped_cmd);
|
|
|
|
uint64_t estimate = (2 * (uint64_t)l) + 1;
|
|
|
|
/* max command line length - two single quotes - \0 byte length */
|
|
if (l > cmd_max_len - 2 - 1) {
|
|
zend_value_error("Command exceeds the allowed length of %zu bytes", cmd_max_len);
|
|
return ZSTR_EMPTY_ALLOC();
|
|
}
|
|
|
|
cmd = zend_string_safe_alloc(2, l, 0, 0);
|
|
|
|
for (x = 0, y = 0; x < l; x++) {
|
|
int mb_len = php_mblen(str + x, (l - x));
|
|
|
|
/* skip non-valid multibyte characters */
|
|
if (mb_len < 0) {
|
|
continue;
|
|
} else if (mb_len > 1) {
|
|
memcpy(ZSTR_VAL(cmd) + y, str + x, mb_len);
|
|
y += mb_len;
|
|
x += mb_len - 1;
|
|
continue;
|
|
}
|
|
|
|
switch (str[x]) {
|
|
#ifndef PHP_WIN32
|
|
case '"':
|
|
case '\'':
|
|
if (!p && (p = memchr(str + x + 1, str[x], l - x - 1))) {
|
|
/* noop */
|
|
} else if (p && *p == str[x]) {
|
|
p = NULL;
|
|
} else {
|
|
ZSTR_VAL(cmd)[y++] = '\\';
|
|
}
|
|
ZSTR_VAL(cmd)[y++] = str[x];
|
|
break;
|
|
#else
|
|
/* % is Windows specific for environmental variables, ^%PATH% will
|
|
output PATH while ^%PATH^% will not. escapeshellcmd->val will escape all % and !.
|
|
*/
|
|
case '%':
|
|
case '!':
|
|
case '"':
|
|
case '\'':
|
|
#endif
|
|
case '#': /* This is character-set independent */
|
|
case '&':
|
|
case ';':
|
|
case '`':
|
|
case '|':
|
|
case '*':
|
|
case '?':
|
|
case '~':
|
|
case '<':
|
|
case '>':
|
|
case '^':
|
|
case '(':
|
|
case ')':
|
|
case '[':
|
|
case ']':
|
|
case '{':
|
|
case '}':
|
|
case '$':
|
|
case '\\':
|
|
case '\x0A': /* excluding these two */
|
|
case '\xFF':
|
|
#ifdef PHP_WIN32
|
|
ZSTR_VAL(cmd)[y++] = '^';
|
|
#else
|
|
ZSTR_VAL(cmd)[y++] = '\\';
|
|
#endif
|
|
ZEND_FALLTHROUGH;
|
|
default:
|
|
ZSTR_VAL(cmd)[y++] = str[x];
|
|
|
|
}
|
|
}
|
|
ZSTR_VAL(cmd)[y] = '\0';
|
|
|
|
if (y > cmd_max_len + 1) {
|
|
zend_value_error("Escaped command exceeds the allowed length of %zu bytes", cmd_max_len);
|
|
zend_string_release_ex(cmd, 0);
|
|
return ZSTR_EMPTY_ALLOC();
|
|
}
|
|
|
|
if ((estimate - y) > 4096) {
|
|
/* realloc if the estimate was way overill
|
|
* Arbitrary cutoff point of 4096 */
|
|
cmd = zend_string_truncate(cmd, y, 0);
|
|
}
|
|
|
|
ZSTR_LEN(cmd) = y;
|
|
|
|
return cmd;
|
|
}
|
|
/* }}} */
|
|
|
|
/* {{{ php_escape_shell_arg */
|
|
PHPAPI zend_string *php_escape_shell_arg(const zend_string *unescaped_arg)
|
|
{
|
|
size_t x, y = 0;
|
|
zend_string *cmd;
|
|
|
|
ZEND_ASSERT(!zend_str_has_nul_byte(unescaped_arg) && "Must be a binary safe string");
|
|
size_t l = ZSTR_LEN(unescaped_arg);
|
|
const char *str = ZSTR_VAL(unescaped_arg);
|
|
|
|
uint64_t estimate = (4 * (uint64_t)l) + 3;
|
|
|
|
/* max command line length - two single quotes - \0 byte length */
|
|
if (l > cmd_max_len - 2 - 1) {
|
|
zend_value_error("Argument exceeds the allowed length of %zu bytes", cmd_max_len);
|
|
return ZSTR_EMPTY_ALLOC();
|
|
}
|
|
|
|
cmd = zend_string_safe_alloc(4, l, 2, 0); /* worst case */
|
|
|
|
#ifdef PHP_WIN32
|
|
ZSTR_VAL(cmd)[y++] = '"';
|
|
#else
|
|
ZSTR_VAL(cmd)[y++] = '\'';
|
|
#endif
|
|
|
|
for (x = 0; x < l; x++) {
|
|
int mb_len = php_mblen(str + x, (l - x));
|
|
|
|
/* skip non-valid multibyte characters */
|
|
if (mb_len < 0) {
|
|
continue;
|
|
} else if (mb_len > 1) {
|
|
memcpy(ZSTR_VAL(cmd) + y, str + x, mb_len);
|
|
y += mb_len;
|
|
x += mb_len - 1;
|
|
continue;
|
|
}
|
|
|
|
switch (str[x]) {
|
|
#ifdef PHP_WIN32
|
|
case '"':
|
|
case '%':
|
|
case '!':
|
|
ZSTR_VAL(cmd)[y++] = ' ';
|
|
break;
|
|
#else
|
|
case '\'':
|
|
ZSTR_VAL(cmd)[y++] = '\'';
|
|
ZSTR_VAL(cmd)[y++] = '\\';
|
|
ZSTR_VAL(cmd)[y++] = '\'';
|
|
#endif
|
|
ZEND_FALLTHROUGH;
|
|
default:
|
|
ZSTR_VAL(cmd)[y++] = str[x];
|
|
}
|
|
}
|
|
#ifdef PHP_WIN32
|
|
if (y > 0 && '\\' == ZSTR_VAL(cmd)[y - 1]) {
|
|
int k = 0, n = y - 1;
|
|
for (; n >= 0 && '\\' == ZSTR_VAL(cmd)[n]; n--, k++);
|
|
if (k % 2) {
|
|
ZSTR_VAL(cmd)[y++] = '\\';
|
|
}
|
|
}
|
|
|
|
ZSTR_VAL(cmd)[y++] = '"';
|
|
#else
|
|
ZSTR_VAL(cmd)[y++] = '\'';
|
|
#endif
|
|
ZSTR_VAL(cmd)[y] = '\0';
|
|
|
|
if (y > cmd_max_len + 1) {
|
|
zend_value_error("Escaped argument exceeds the allowed length of %zu bytes", cmd_max_len);
|
|
zend_string_release_ex(cmd, 0);
|
|
return ZSTR_EMPTY_ALLOC();
|
|
}
|
|
|
|
if ((estimate - y) > 4096) {
|
|
/* realloc if the estimate was way overill
|
|
* Arbitrary cutoff point of 4096 */
|
|
cmd = zend_string_truncate(cmd, y, 0);
|
|
}
|
|
ZSTR_LEN(cmd) = y;
|
|
return cmd;
|
|
}
|
|
/* }}} */
|
|
|
|
/* {{{ Escape shell metacharacters */
|
|
PHP_FUNCTION(escapeshellcmd)
|
|
{
|
|
zend_string *command;
|
|
|
|
ZEND_PARSE_PARAMETERS_START(1, 1)
|
|
Z_PARAM_PATH_STR(command)
|
|
ZEND_PARSE_PARAMETERS_END();
|
|
|
|
if (ZSTR_LEN(command)) {
|
|
RETVAL_STR(php_escape_shell_cmd(command));
|
|
} else {
|
|
RETVAL_EMPTY_STRING();
|
|
}
|
|
}
|
|
/* }}} */
|
|
|
|
/* {{{ Quote and escape an argument for use in a shell command */
|
|
PHP_FUNCTION(escapeshellarg)
|
|
{
|
|
zend_string *argument;
|
|
|
|
ZEND_PARSE_PARAMETERS_START(1, 1)
|
|
Z_PARAM_PATH_STR(argument)
|
|
ZEND_PARSE_PARAMETERS_END();
|
|
|
|
RETVAL_STR(php_escape_shell_arg(argument));
|
|
}
|
|
/* }}} */
|
|
|
|
/* {{{ Execute command via shell and return complete output as string */
|
|
PHP_FUNCTION(shell_exec)
|
|
{
|
|
FILE *in;
|
|
char *command;
|
|
size_t command_len;
|
|
zend_string *ret;
|
|
php_stream *stream;
|
|
|
|
ZEND_PARSE_PARAMETERS_START(1, 1)
|
|
Z_PARAM_PATH(command, command_len)
|
|
ZEND_PARSE_PARAMETERS_END();
|
|
|
|
if (!command_len) {
|
|
zend_argument_must_not_be_empty_error(1);
|
|
RETURN_THROWS();
|
|
}
|
|
|
|
#ifdef PHP_WIN32
|
|
if ((in=VCWD_POPEN(command, "rt"))==NULL) {
|
|
#else
|
|
if ((in=VCWD_POPEN(command, "r"))==NULL) {
|
|
#endif
|
|
php_error_docref(NULL, E_WARNING, "Unable to execute '%s'", command);
|
|
RETURN_FALSE;
|
|
}
|
|
|
|
stream = php_stream_fopen_from_pipe(in, "rb");
|
|
ret = php_stream_copy_to_mem(stream, PHP_STREAM_COPY_ALL, 0);
|
|
php_stream_close(stream);
|
|
|
|
if (ret && ZSTR_LEN(ret) > 0) {
|
|
RETVAL_STR(ret);
|
|
}
|
|
}
|
|
/* }}} */
|
|
|
|
#ifdef HAVE_NICE
|
|
/* {{{ Change the priority of the current process */
|
|
PHP_FUNCTION(proc_nice)
|
|
{
|
|
zend_long pri;
|
|
|
|
ZEND_PARSE_PARAMETERS_START(1, 1)
|
|
Z_PARAM_LONG(pri)
|
|
ZEND_PARSE_PARAMETERS_END();
|
|
|
|
errno = 0;
|
|
php_ignore_value(nice(pri));
|
|
if (errno) {
|
|
#ifdef PHP_WIN32
|
|
char *err = php_win_err();
|
|
php_error_docref(NULL, E_WARNING, "%s", err);
|
|
php_win_err_free(err);
|
|
#else
|
|
php_error_docref(NULL, E_WARNING, "Only a super user may attempt to increase the priority of a process");
|
|
#endif
|
|
RETURN_FALSE;
|
|
}
|
|
|
|
RETURN_TRUE;
|
|
}
|
|
/* }}} */
|
|
#endif
|