[2008-04-06 08:40 UTC] wharmby at uk dot ibm dot com

Description:
------------
Calling escapeshellcmd() with more than 1 argument does not result in
expected warning msg; any spurious arguments are just ignored.

Suggest changing code to:  

PHP_FUNCTION(escapeshellcmd)
{
        zval **arg1;
        char *cmd = NULL;
 
        if (ZEND_NUM_ARGS()!=1 ||  zend_get_parameters_ex(1, &arg1) == FAILURE) 
        {
            WRONG_PARAM_COUNT;
        }
        
        convert_to_string_ex(arg1);
        if (Z_STRLEN_PP(arg1)) {
            cmd = php_escape_shell_cmd(Z_STRVAL_PP(arg1));
            RETVAL_STRING(cmd, 1);
            efree(cmd);
        }
}

or better still the following based on the code now in PHP 6 :

PHP_FUNCTION(escapeshellcmd)
{
    char *command
    int command_len;
    char *cmd = NULL;

   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &command, &command_len) == FAILURE) {
        return;
    }
	
    if (command_len) {
	cmd = php_escape_shell_cmd(command);
	RETVAL_STRING(cmd, 0);
    } else {
        RETVAL_EMPTY_STRING();
    }
}

Reproduce code:
---------------
<?php
$command= "Mr O'Neil";
$extra_arg = 10;
var_dump( escapeshellcmd($command, $extra_arg) );
?>    

Expected result:
----------------
A warning msg. With suggested fix the following output will  result:

Warning:   escapeshellcmd() expects exactly 1 parameter, 2 given in  <...>  on line nn
NULL
  

Actual result:
--------------
Actual Output:
-------------------
string(9) "Mr O Neil"

 [2008-04-08 17:24 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.