reference/exec/functions/escapeshellcmd.xml
1ea4e4f5769f1a173303f95074a91e8537f65133
1ea4e4f5769f1a173303f95074a91e8537f65133
...
...
@@ -25,10 +25,11 @@
25
25
</para>
26
26
<para>
27
27
Following characters are preceded by a backslash:
28
-
<literal>#&;`|*?~<>^()[]{}$\</literal>, <literal>\x0A</literal>
28
+
<literal>&#;`|*?~<>^()[]{}$\</literal>, <literal>\x0A</literal>
29
29
and <literal>\xFF</literal>. <literal>'</literal> and <literal>"</literal>
30
-
are escaped only if they are not paired. In Windows, all these characters
31
-
plus <literal>%</literal> are replaced by a space instead.
30
+
are escaped only if they are not paired. On Windows, all these characters
31
+
plus <literal>%</literal> and <literal>!</literal> are preceded by a caret
32
+
(<literal>^</literal>).
32
33
</para>
33
34
</refsect1>
34
35
...
...
@@ -85,6 +86,20 @@ system($escaped_command);
85
86
<function>escapeshellarg</function> should be used instead.
86
87
</para>
87
88
</warning>
89
+
<warning xmlns="http://docbook.org/ns/docbook">
90
+
<para>
91
+
Spaces will not be escaped by <function>escapeshellcmd</function>
92
+
which can be problematic on Windows with paths like:
93
+
<literal>C:\Program Files\ProgramName\program.exe</literal>.
94
+
This can be mitigated using the following code snippet:
95
+
<programlisting role="php">
96
+
<![CDATA[
97
+
<?php
98
+
$cmd = preg_replace('`(?<!^) `', '^ ', escapeshellcmd($cmd));
99
+
]]>
100
+
</programlisting>
101
+
</para>
102
+
</warning>
88
103
</refsect1>
89
104
90
105
<refsect1 role="seealso">
91
106