无法将双引号参数传递给php shell。

Question

我有一个长字符串，它由命令行参数组成。这些论点都是用双引号包装的。当我将命令传递给exec时，什么都不会发生。在传入escapeshellarg()之前，我尝试在exec中传递字符串，但没有效果。

字符串如下：

/usr/bin/python3 /home/johndoe/src/crm_api.py "jack" "london" "jack@yahoo.com" "09061414145" "No. 1, George St. Ave., CA, USA" "California" "CA" "2222222222" "United States" "$2y$10$U81IfXi7r7hx4xggYTpcJesRblqTKrGAbgM388/v0pH.qtOfLVLfi"

使用该字符串的代码如下：

    $command = "/usr/bin/python3 /home/johndoe/src/crm_api.py " .
            $crm_first_name . " " .
            $crm_last_name . " " . $crm_email . " " . $crm_phone . " " .
            $crm_address . " " . $crm_city . " " . $crm_state . " " .
            $crm_zip . " " . $crm_country . " " . $crm_password;

    echo '<script>console.log(\'' . $command . '\');</script>';


    echo $command;
    echo '<script> alert(\'' . $command . '\');</script>';
    $cResult = exec($command);
    echo '<script>console.log(' . $cResult . ');</script>';

Answer 1

是的，逃避责任()是用来转义shell参数的工具。例如：

$script = '/usr/bin/python3 /home/johndoe/src/crm_api.py';
$args = [
    $crm_first_name,
    $crm_last_name,
    $crm_email,
    $crm_phone,
    $crm_address,
    $crm_city,
    $crm_state,
    $crm_zip,
    $crm_country,
    $crm_password,
];
$command = $script . ' ' . implode(' ', array_map('escapeshellarg', $args));

(您也可以将它应用于脚本路径本身，但是这里没有必要，因为它是硬编码的。)

演示