PHP exec()和路径中的空格 [英] PHP exec() and spaces in paths
问题描述
我正在PHP应用程序中执行以下操作:
$source = '/home/user/file.ext';
$output_dir = $this->setOutputString();
chdir('/home/ben/xc/phplib/bgwatcher-2011a/a01/');
exec('php bin/createjob.php $source $output_dir', $output);
return $output[0];
问题是这样的:我可以控制$source,但不能控制$output_dir(这是旧版Windows文件系统),并且路径中有空格. $output_dir的示例是:
/home/vol1/district id/store id/this_is_the_file.html
在将输出字符串插入到exec()函数中时,我已经尝试了两种方法:
addslashes($output_dir)和'"' . $output_dir . '"'转义整个输出字符串.在第一种情况下,路径被连接到:
/home/vol1/districtthis_is_the_file.html
...删除第一个空格和文件名之间的所有内容.在第二种情况下,exec()似乎在扔鞋并且不能正确执行-不幸的是,错误消息在机械中丢失了-如果绝对必要,我可以提供此消息,但是我也受时间限制找到解决方案.
这里有什么解决方案?我是否sprintf() exec()的整个字符串?我对为什么addslashes无法正常运行以逃避空格感到非常困惑,并且我认为它与使用exec()进行清理有关,但是我找不到任何文档来备份它. /p>
更新:我尝试了escapeshellarg()和preg_replace()都没有成功.进一步考虑这个问题,我是否需要两次逃避?还是逃避路径和命令?如果路径是由exec()一次转义的,而在执行命令之前是PHP的转义的一次,这是否足以说明我需要考虑两个转义?还是那是不行的?
根据 PHP docs ,
在数据库查询等中需要返回的字符前返回带反斜杠的字符串.这些字符是单引号('),双引号(),反斜杠()和NUL(NULL字节).
看起来您将不得不自己preg_replace空间.
即使这是另一个讨论的主题,但是如果性能是一个问题,那么在对其进行更多研究之后,看来str_replace 实际上比
标记为"str_replace()"的测试是 快了0.9053秒(花了 10.3%的时间.)
第一次测试耗时1.0093秒. (
preg_replace)第二次测试耗时0.104秒. (
str_replace)
I'm executing the following in a PHP application:
$source = '/home/user/file.ext';
$output_dir = $this->setOutputString();
chdir('/home/ben/xc/phplib/bgwatcher-2011a/a01/');
exec('php bin/createjob.php $source $output_dir', $output);
return $output[0];
The problem is this: I have control over $source, but not $output_dir, which is a legacy Windows filesystem, and there are spaces in the path. An example $output_dir is:
/home/vol1/district id/store id/this_is_the_file.html
When inserting the output string into the exec() function, I have tried both:
addslashes($output_dir) and '"' . $output_dir . '"' to escape the entire output string. In the first case, the path gets concatenated to:
/home/vol1/districtthis_is_the_file.html
... where everything between the first space and the filename gets dropped. In the second case, exec() appears to throw a shoe and doesn't execute properly - unfortunately, the error message is getting lost in the machinery - I can provide it if it's absolutely necessary, but I'm also under time constraints to find a solution.
What's the solution, here? Do I sprintf() the entire string for exec()? I'm very confused as to why addslashes isn't working correctly to escape the spaces, and I assume it has something to do with sanitization with exec(), but I can't find any documentation to back it up.
Update: I've tried escapeshellarg() and preg_replace() without success. Thinking about this further, do I need to double-escape the path? Or escape the path and the command? If the path is being unescaped once by exec(), and once by PHP before it executes the command, does it stand to reason that I need to account for both escapes? Or is that not how it works?
According to the PHP docs,
Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash () and NUL (the NULL byte).
Looks like you'll have to preg_replace the spaces yourself.
Edit:
Even though this is the topic of another discussion, if performance is an issue, then after looking into it a little more, it seems that str_replace is actually quite a bit faster than preg_replace:
The test labeled "str_replace()" was the faster by 0.9053 seconds (it took 10.3% the time.)
The first test took 1.0093 seconds. (
preg_replace)The second test took 0.104 seconds. (
str_replace)
这篇关于PHP exec()和路径中的空格的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
