Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[5.5] Remove unnecessary escapeshellarg call #23025

Merged
merged 3 commits into from
Feb 4, 2018
Merged

[5.5] Remove unnecessary escapeshellarg call #23025

merged 3 commits into from
Feb 4, 2018

Conversation

misog
Copy link
Contributor

@misog misog commented Feb 4, 2018

  • As mentioned here [Proposal] Do not use escapeshellarg ideas#407 the escapeshellarg function is blocked by some shared hostings.
  • Other occurrences of escapeshellarg function were already replaced by "'".str_replace("'", "'\''", $argument)."'".
  • Moreover the removed function call in this proposed change is unnecessary and can be replaced by a constant.

misog added 2 commits February 3, 2018 16:45
@misog
Remove unnecessary escapeshellarg call
723689b 
- As mentioned here laravel/ideas#407 the escapeshellarg function is blocked by some shared hostings.
- Other occurrences of escapeshellarg function were already replaced by "'".str_replace("'", "'\\''", $argument)."'".
- Moreover the removed function call in this proposed change is unnecessary and can be replaced by a constant.
@misog
Merge pull request #1 from misog/misog-patch-1
341311d 
Remove unnecessary escapeshellarg call
@GrahamCampbell
Copy link
Member

I don't think we should change this. This code was copied directly from Symfony, and I think we should keep it synced with exactly what they have.

@laurencei
Copy link
Contributor

laurencei commented Feb 4, 2018
edited
Loading

This code was copied directly from Symfony, I think we should keep it synced with exactly what they have.

@GrahamCampbell Symfony completely changed their escapeArgument() function over a year ago:

https://github.com/symfony/process/blob/master/Process.php#L1533

Personally I think the change above looks good - because its only returning an empty string. If we want to avoid any risk of strange side effects - put it in 5.6 that comes out in a few days.

Alternatively we update the entire function to completely replicate Symfony's new version - but its really close to 5.6 and not much time to test... but if it is working for a large Symfony install base, then it would probably be fine for us?

@misog
Copy link
Contributor Author

misog commented Feb 4, 2018
edited
Loading

@GrahamCampbell as laurencei said symphony is not using the escapeshellarg anymore. It was even mentioned in context of shared hostings which block the function: symfony/process#14

@laurencei The reason I made this request for 5.5. is that 5.5 is LTS and LTS is very suitable choice for small web apps with limited or none maintenance phase, placed on shared hostings (which usually block escapeshellarg). LTS placed on shared hosting allows to update critical changes quickly (cheaply).

AFAIK this one escapeshellarg('') call which returns constant '""' on Windows [1] is the only escapeshellarg call left in 5.5.

More rewrite to match current symphony approach could be done later in 5.6 or 5.7.

[1] On Windows, escapeshellarg() instead replaces percent signs, exclamation marks (delayed variable substitution) and double quotes with spaces and adds double quotes around the string. https://secure.php.net/manual/en/function.escapeshellarg.php

@misog
Fix the right value on Windows
c95e553 
escapeshellarg('') returns '""' on Windows
@taylorotwell taylorotwell merged commit 6a5eb90 into laravel:5.5 Feb 4, 2018
@dependabot-preview dependabot-preview bot mentioned this pull request Mar 15, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@misog @GrahamCampbell @laurencei @taylorotwell