diff --git commands/sql/sql.drush.inc commands/sql/sql.drush.inc index 56c1e30..125375b 100644 --- commands/sql/sql.drush.inc +++ commands/sql/sql.drush.inc @@ -753,7 +753,7 @@ function _drush_sql_get_credentials($db_spec = NULL) { $parameter_strings = array(); foreach ($parameters as $key => $value) { // Only escape the values, not the keys or the rest of the string. - $value = escapeshellcmd($value); + $value = drush_escapeshellarg($value); $parameter_strings[] = "--$key=$value"; } diff --git drush drush index 5bcd294..4bb2055 100755 --- drush +++ drush @@ -70,13 +70,17 @@ done # Add in the php file location and/or the php override variables as appropriate if [ "x$drush_php_ini" != "x" ] ; then - php="$php --php-ini $drush_php_ini" + php_options="--php-ini $drush_php_ini" fi if [ "x$drush_php_override" != "x" ] ; then - drush_override_vars=`grep '^[a-z_A-Z0-9]\+ *=' $drush_php_override | sed -e 's|\([^ =]*\) *= *\(.*\)|\1="\2"|' -e 's| ||g' -e 's|^|-d |' | tr '\n\r' ' '` - php="$php $drush_override_vars" + php_options=`grep '^[a-z_A-Z0-9]\+ *=' $drush_php_override | sed -e 's|\([^ =]*\) *= *\(.*\)|\1="\2"|' -e 's| ||g' -e 's|^|-d |' | tr '\n\r' ' '` fi # Pass in the path to php so that drush knows which one -# to use if it re-launches itself to run subcommands -exec $php "$SCRIPT_PATH" "$@" --php="$php" +# to use if it re-launches itself to run subcommands. We +# will also pass php options if any are defined. +if [ -z "$php_options" ] ; then + exec $php $php_options "$SCRIPT_PATH" "$@" --php="$php" +else + exec $php $php_options "$SCRIPT_PATH" "$@" --php="$php" --php-options="$php_options" +fi diff --git includes/backend.inc includes/backend.inc index 4e5e372..fc78def 100644 --- includes/backend.inc +++ includes/backend.inc @@ -519,10 +519,12 @@ function _drush_backend_generate_command($command, $args, &$data, $method = 'GET */ function _drush_backend_generate_command_sitealias($site_record, $command, $args, &$data, $method = 'GET') { $drush_path = null; + $php = ''; $hostname = array_key_exists('remote-host', $site_record) ? $site_record['remote-host'] : null; $username = array_key_exists('remote-user', $site_record) ? $site_record['remote-user'] : null; $ssh_options = array_key_exists('ssh-options', $site_record) ? $site_record['ssh-options'] : null; + $os = drush_os($site_record); $drush_path = NULL; if (array_key_exists('path-aliases', $site_record)) { @@ -535,11 +537,47 @@ function _drush_backend_generate_command_sitealias($site_record, $command, $args $hostname = null; } - $drush_path = !is_null($drush_path) ? $drush_path : (is_null($hostname) ? DRUSH_COMMAND : 'drush'); // Call own drush.php file on local machines, or 'drush' on remote machines. + // If the caller did not pass in a specific path to drush, then we will + // use a default value. For commands that are being executed on the same + // machine, we will use DRUSH_COMMAND, which is the path to the drush.php + // that is running right now. For remote commands, we will run a wrapper + // script instead of drush.php -- drush.bat on Windows, or drush on Linux. + if (is_null($drush_path)) { + if (is_null($hostname)) { + $drush_path = DRUSH_COMMAND; + } + else { + $drush_path = drush_is_windows($os) ? 'drush.bat' : 'drush'; + } + } + // If the path to drush points to drush.php, then we will need to + // run it via php rather than direct execution. By default, we + // will use 'php' unless something more specific was passed in + // via the --php flag. + if (substr($drush_path, -4) == ".php") { + if (array_key_exists('php', $data)) { + $php = $data['php']; + } + else { + $php = drush_get_option('php'); + if (isset($php)) { + $data['php'] = $php; + } + else { + $php = 'php'; + } + } + // We will also add in the php options from --php-options + $php = drush_escapeshellarg($php, $os) . ' '; + $php_options = drush_get_option('php-options',''); + if (!empty($php_options)) { + $php .= $php_options . ' '; + $data['php-options'] = $php_options; + } + } $data['root'] = array_key_exists('root', $data) ? $data['root'] : drush_get_context('DRUSH_DRUPAL_ROOT'); $data['uri'] = array_key_exists('uri', $data) ? $data['uri'] : drush_get_context('DRUSH_URI'); - $os = drush_os($site_record); $option_str = _drush_backend_argument_string($data, $method, $os); foreach ($data as $key => $arg) { if (is_numeric($key)) { @@ -550,16 +588,14 @@ function _drush_backend_generate_command_sitealias($site_record, $command, $args foreach ($args as $arg) { $command .= ' ' . drush_escapeshellarg($arg, $os); } - $interactive = ' ' . (empty($data['#interactive']) ? '' : ' > `tty`') . ' 2>&1'; - // @TODO: Implement proper multi platform / multi server support. - $cmd = escapeshellcmd($drush_path) . " " . $option_str . " " . $command . (empty($data['#interactive']) ? " --backend" : ""); - + $cmd = $php . drush_escapeshellarg($drush_path, $os) . " " . $option_str . " " . $command . (empty($data['#interactive']) ? " --backend" : ""); if (!is_null($hostname)) { $username = (!is_null($username)) ? drush_escapeshellarg($username, $os) . "@" : ''; $ssh_options = (!is_null($ssh_options)) ? $ssh_options : drush_get_option('ssh-options', "-o PasswordAuthentication=no"); - $cmd = "ssh " . $ssh_options . " " . $username . drush_escapeshellarg($hostname, $os) . " " . drush_escapeshellarg($cmd . ' 2>&1', $os) . $interactive; + $cmd = "ssh " . $ssh_options . " " . $username . drush_escapeshellarg($hostname, $os) . " " . drush_escapeshellarg($cmd . ' 2>&1', $os) . ' 2>&1'; } else { + $interactive = ' ' . ((drush_is_windows() || empty($data['#interactive'])) ? '' : ' > `tty`') . ' 2>&1'; $cmd .= $interactive; } diff --git includes/environment.inc includes/environment.inc index 08850f5..75a2236 100644 --- includes/environment.inc +++ includes/environment.inc @@ -1284,10 +1284,7 @@ function drush_valid_db_credentials() { * Note that the $_ global is defined only in bash and therefore cannot * be relied upon. * - * We will therefore assume PHP is available in the path and is named - * "php" for execute ourselves. That is, the #!/usr/bin/env php is - * working and valid, unless a PHP constant is defined, which can be - * done by the shell wrapper. + * We determine which php to use in backend invoke. * * The DRUSH_COMMAND constant is initialised to the value of this * function when environment.inc is loaded. @@ -1295,12 +1292,7 @@ function drush_valid_db_credentials() { * @see DRUSH_COMMAND */ function drush_find_drush() { - $php = drush_get_option('php'); - if (isset($php)) { - $drush = $php . " " . realpath($_SERVER['argv'][0]) . " --php='$php'"; - } else { - $drush = realpath($_SERVER['argv']['0']); - } + $drush = realpath($_SERVER['argv']['0']); return $drush; } diff --git includes/exec.inc includes/exec.inc index d7bfe63..3329e74 100644 --- includes/exec.inc +++ includes/exec.inc @@ -167,27 +167,38 @@ function drush_os($site_record = NULL) { } /** - * Platform-independent version of escapeshellarg(). - * This only works for local commands. - * TODO: Make a unified drush_escapeshellarg - * that works on Linux and Windows. + * Platform-dependent version of escapeshellarg(). + * Given the target platform, return an appropriately-escaped + * string. The target platform may be omitted for args that + * are /known/ to be for the local machine. */ function drush_escapeshellarg($arg, $os = NULL) { - if (drush_is_windows($os)) { + // Short-circuit escaping for simple params (keep stuff readable) + if (preg_match('|^[a-zA-Z0-9.:/_-]*$|', $arg)) { + return $arg; + } + elseif (drush_is_windows($os)) { return _drush_escapeshellarg_windows($arg); } else { - return escapeshellarg($arg); + $escaped = _drush_escapeshellarg_linux($arg); + // We expect that our escapeshellarg should return exactly the + // same thing that escapeshellarg does on Linux; to be conservative, + // though, we will compare and correct against the reference implementation, + // and remove this check once everything works perfectly. + if (!drush_is_windows()) { + $compare_escaped = escapeshellarg($arg); + if ($compare_escaped != $escaped) { + drush_log(dt("Error in _drush_escapeshellarg_linux;\nReturned: !escaped\nExpected: !expected", array('!escaped' => $escaped, '!expected' => $compare_escaped)), 'debug'); + $escaped = $compare_escaped; + } + } + return $escaped; } } /** * Windows version of escapeshellarg(). - * - * @deprecated escapeshellarg needs to be cross-platform, - * because drush does not always know in advance whether an - * escaped arg will be used locally or on a remote system. - * See http://drupal.org/node/766080 */ function _drush_escapeshellarg_windows($arg) { // Double the backslashes before any double quotes. Escape the double quotes. @@ -214,6 +225,37 @@ function _drush_escapeshellarg_windows($arg) { } /** + * Linux version of escapeshellarg(). + * + * This is intended to work the same way that escapeshellarg() does on + * Linux. If we need to escape a string that will be used remotely on + * a Linux system, then we need our own implementation of escapeshellarg, + * because the Windows version behaves differently. + */ +function _drush_escapeshellarg_linux($arg) { + // Double the backslashes before any double quotes. Escape the double quotes. + // (\" => \\\") && (" => \") = + // (\" => \\") + + $arg = preg_replace('/\\\"/', '\\\\\\"', $arg); + // + (" => \") + $arg = preg_replace('/"/', '\\"', $arg); + + // For single quotes existing in the string, we will "exit" + // single-quote mode, add a \' and then "re-enter" + // single-quote mode. The result of this is that + // 'quote' becomes '\''quote'\'' + $arg = preg_replace('/\'/', '\'\\\'\'', $arg); + + // Replace "\t", "\n", "\r", "\0", "\x0B" with a whitespace. + $arg = str_replace(array("\t", "\n", "\r", "\0", "\x0B"), ' ', $arg); + + // Add surrounding quotes. + $arg = "'" . $arg . "'"; + + return $arg; +} + +/** * Stores output for the most recent shell command. * This should only be run from drush_shell_exec(). *