reference/exec/functions/escapeshellcmd.xml
62126c55f1c6ed444043e7272c4f9e233818a44b
62126c55f1c6ed444043e7272c4f9e233818a44b
...
...
@@ -25,10 +25,11 @@
25
25
</para>
26
26
<para>
27
27
Following characters are preceded by a backslash:
28
-
<literal>#&;`|*?~<>^()[]{}$\</literal>, <literal>\x0A</literal>
28
+
<literal>&#;`|*?~<>^()[]{}$\</literal>, <literal>\x0A</literal>
29
29
and <literal>\xFF</literal>. <literal>'</literal> and <literal>"</literal>
30
-
are escaped only if they are not paired. In Windows, all these characters
31
-
plus <literal>%</literal> are replaced by a space instead.
30
+
are escaped only if they are not paired. On Windows, all these characters
31
+
plus <literal>%</literal> and <literal>!</literal> are preceded by a caret
32
+
(<literal>^</literal>).
32
33
</para>
33
34
</refsect1>
34
35
...
...
@@ -77,6 +78,7 @@ system($escaped_command);
77
78
</refsect1>
78
79
79
80
<refsect1 role="notes">
81
+
&reftitle.notes;
80
82
<warning xmlns="http://docbook.org/ns/docbook">
81
83
<para>
82
84
<function>escapeshellcmd</function> should be used on the whole
...
...
@@ -85,6 +87,20 @@ system($escaped_command);
85
87
<function>escapeshellarg</function> should be used instead.
86
88
</para>
87
89
</warning>
90
+
<warning xmlns="http://docbook.org/ns/docbook">
91
+
<para>
92
+
Spaces will not be escaped by <function>escapeshellcmd</function>
93
+
which can be problematic on Windows with paths like:
94
+
<literal>C:\Program Files\ProgramName\program.exe</literal>.
95
+
This can be mitigated using the following code snippet:
96
+
<programlisting role="php">
97
+
<![CDATA[
98
+
<?php
99
+
$cmd = preg_replace('`(?<!^) `', '^ ', escapeshellcmd($cmd));
100
+
]]>
101
+
</programlisting>
102
+
</para>
103
+
</warning>
88
104
</refsect1>
89
105
90
106
<refsect1 role="seealso">
91
107