Fix GH-10489: run-tests.php does not escape path when building cmd (#10560)

Multiple tests had to be changed to escape the arguments in shell
commands. Some tests are skipped because they behave differently with
spaces in the path versus without. One notable example of this is the
hashbang test which does not work because spaces in hashbangs paths are
not supported in Linux.

Co-authored-by: Michael Voříšek <[email protected]>

Author: nielsdos

Zend/tests/bug40236.phpt

@@ -6,8 +6,8 @@ if (extension_loaded("readline")) die("skip Test doesn't support readline");
 ?>
 --FILE--
 <?php
-$php = getenv('TEST_PHP_EXECUTABLE');
-$cmd = "\"$php\" -n -d memory_limit=4M -a \"".__DIR__."\"/bug40236.inc";
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
+$cmd = "$php -n -d memory_limit=4M -a \"".__DIR__."\"/bug40236.inc";
 echo `$cmd`;
 ?>
 --EXPECT--

Zend/tests/bug60978.phpt

@@ -2,8 +2,7 @@
 Bug #60978 (exit code incorrect)
 --FILE--
 <?php
-$php = getenv('TEST_PHP_EXECUTABLE');
-exec($php . ' -n -r "exit(2);"', $output, $exit_code);
+exec(getenv('TEST_PHP_EXECUTABLE_ESCAPED') . ' -n -r "exit(2);"', $output, $exit_code);
 echo $exit_code;
 ?>
 --EXPECT--

ext/com_dotnet/tests/bug77578.phpt

@@ -6,8 +6,8 @@ com_dotnet
 <?php
 // To actually be able to verify the crash during shutdown on Windows, we have
 // to execute a PHP subprocess, and check its exit status.
-$php = PHP_BINARY;
-$extension_dir = ini_get("extension_dir");
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
+$extension_dir = escapeshellarg(ini_get("extension_dir"));
 $script = <<<SCRIPT
 if (!extension_loaded('com_dotnet')) dl('com_dotnet');
 ini_set('com.autoregister_typelib', '1');

ext/mbstring/tests/gh7902.phpt

@@ -1,8 +1,10 @@
 --TEST--
 GH-7902 (mb_send_mail may delimit headers with LF only)
+--EXTENSIONS--
+mbstring
 --SKIPIF--
 <?php
-if (!extension_loaded("mbstring")) die("skip mbstring extension not available");
+if (str_contains(getcwd(), " ")) die("skip sendmail_path ini with spaces");
 ?>
 --INI--
 sendmail_path={MAIL:{PWD}/gh7902.eml}

ext/simplexml/tests/bug79971_1.phpt

@@ -1,8 +1,10 @@
 --TEST--
 Bug #79971 (special character is breaking the path in xml function)
+--EXTENSIONS--
+simplexml
 --SKIPIF--
 <?php
-if (!extension_loaded('simplexml')) die('skip simplexml extension not available');
+if (str_contains(getcwd(), ' ')) die('skip simplexml already escapes the path with spaces so this test does not work');
 ?>
 --FILE--
 <?php

ext/standard/tests/directory/bug74589_utf8.phpt

@@ -18,6 +18,7 @@ internal_encoding=utf-8
 $item = "bug74589_新建文件夹"; // utf-8 string
 $dir = __DIR__ . DIRECTORY_SEPARATOR . $item;
 $test_file = $dir . DIRECTORY_SEPARATOR . "test.php";
+$test_file_escaped = escapeshellarg($test_file);
 
 mkdir($dir);
 
@@ -27,9 +28,9 @@ file_put_contents($test_file,
     var_dump(__FILE__);
     var_dump(__DIR__ === __DIR__);");
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
-echo shell_exec("$php -n $test_file");
+echo shell_exec("$php -n $test_file_escaped");
 
 ?>
 --EXPECTF--

ext/standard/tests/file/bug22414.phpt

@@ -6,22 +6,21 @@ output_handler=
 <?php
 
     $php = getenv('TEST_PHP_EXECUTABLE');
+    $php_escaped = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
     $tmpfile = tempnam(__DIR__, 'phpt');
     $args = ' -n ';
 
     /* Regular Data Test */
-    passthru($php . $args . ' -r " echo \"HELLO\"; "');
+    passthru($php_escaped . $args . ' -r " echo \"HELLO\"; "');
 
     echo "\n";
 
     /* Binary Data Test */
-
+    $cmd = $php_escaped . $args . ' -r ' . escapeshellarg("readfile(@getenv('TEST_PHP_EXECUTABLE'));");
     if (substr(PHP_OS, 0, 3) != 'WIN') {
-        $cmd = $php . $args . ' -r \"readfile(@getenv(\'\\\'\'TEST_PHP_EXECUTABLE\'\\\'\')); \"';
-        $cmd = $php . $args . ' -r \' passthru("'.$cmd.'"); \' > '.$tmpfile ;
+        $cmd = $php_escaped . $args . ' -r ' . escapeshellarg('passthru("'.$cmd.'");') . ' > '.escapeshellarg($tmpfile);
     } else {
-        $cmd = $php . $args . ' -r \"readfile(@getenv(\\\\\\"TEST_PHP_EXECUTABLE\\\\\\")); \"';
-        $cmd = $php . $args . ' -r " passthru(\''.$cmd.'\');" > '.$tmpfile ;
+        $cmd = $php_escaped . $args . ' -r ' . "\"passthru('".addslashes($cmd)."');\"" . ' > '.escapeshellarg($tmpfile);
     }
     exec($cmd);
 

ext/standard/tests/file/bug26615.phpt

@@ -7,9 +7,9 @@ variables_order=E
 $out = array();
 $status = -1;
 if (substr(PHP_OS, 0, 3) != 'WIN') {
-    exec($_ENV['TEST_PHP_EXECUTABLE'].' -n -r \'for($i=1;$i<=5000;$i++) print "$i\n";\' | tr \'\n\' \' \'', $out, $status);
+    exec($_ENV['TEST_PHP_EXECUTABLE_ESCAPED'].' -n -r \'for($i=1;$i<=5000;$i++) print "$i\n";\' | tr \'\n\' \' \'', $out, $status);
 } else {
-    exec($_ENV['TEST_PHP_EXECUTABLE'].' -n -r "for($i=1;$i<=5000;$i++) echo $i,\' \';"', $out, $status);
+    exec($_ENV['TEST_PHP_EXECUTABLE_ESCAPED'].' -n -r "for($i=1;$i<=5000;$i++) echo $i,\' \';"', $out, $status);
 }
 print_r($out);
 ?>

ext/standard/tests/file/bug26938.phpt

@@ -4,7 +4,7 @@ Bug #26938 (exec does not read consecutive long lines correctly)
 <?php
 $out = array();
 $status = -1;
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 if (substr(PHP_OS, 0, 3) != 'WIN') {
     exec($php . ' -n -r \''
          . '$lengths = array(10,20000,10000,5,10000,3);'

ext/standard/tests/file/bug60120.phpt

@@ -2,7 +2,7 @@
 Bug #60120 (proc_open hangs when data in stdin/out/err is getting larger or equal to 2048)
 --SKIPIF--
 <?php
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 if (!$php) {
     die("skip No php executable defined\n");
 }
@@ -12,11 +12,8 @@ if (!$php) {
 
 error_reporting(E_ALL);
 
-$php = getenv('TEST_PHP_EXECUTABLE');
-if (!$php) {
-    die("No php executable defined\n");
-}
-$cmd = 'php -r "fwrite(STDOUT, $in = file_get_contents(\'php://stdin\')); fwrite(STDERR, $in);"';
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
+$cmd = $php . ' -r "fwrite(STDOUT, $in = file_get_contents(\'php://stdin\')); fwrite(STDERR, $in);"';
 $descriptors = array(array('pipe', 'r'), array('pipe', 'w'), array('pipe', 'w'));
 $stdin = str_repeat('*', 2049 );
 

ext/standard/tests/file/mkdir-002.phpt

@@ -24,7 +24,8 @@ var_dump(rmdir("./mkdir-002"));
 var_dump(mkdir(__DIR__."/mkdir-002", 0777));
 var_dump(mkdir(__DIR__."/mkdir-002/subdir", 0777));
 $dirname = __DIR__."/mkdir-002";
-var_dump(`ls -l $dirname`);
+$dirname_escaped = escapeshellarg($dirname);
+var_dump(`ls -l $dirname_escaped`);
 var_dump(rmdir(__DIR__."/mkdir-002/subdir"));
 var_dump(rmdir(__DIR__."/mkdir-002"));
 

ext/standard/tests/file/popen_pclose_basic.phpt

@@ -16,15 +16,16 @@ echo "-- Testing popen(): reading from the pipe --\n";
 $dirpath = $file_path."/popen_basic";
 mkdir($dirpath);
 touch($dirpath."/popen_basic.tmp");
-define('CMD', "ls $dirpath");
+define('CMD', "ls " . escapeshellarg($dirpath));
 $file_handle = popen(CMD, 'r');
 fpassthru($file_handle);
 pclose($file_handle);
 
 echo "-- Testing popen(): reading from a file using 'cat' command --\n";
 create_files($dirpath, 1, "text_with_new_line", 0755, 100, "w", "popen_basic", 1, "bytes");
 $filename = $dirpath."/popen_basic1.tmp";
-$command = "cat $filename";
+$filename_escaped = escapeshellarg($filename);
+$command = "cat $filename_escaped";
 $file_handle = popen($command, "r");
 $return_value =  fpassthru($file_handle);
 echo "\n";

ext/standard/tests/file/proc_open01.phpt

@@ -4,7 +4,7 @@ proc_open() regression test 1 (proc_open() leak)
 <?php
 $pipes = array(1, 2, 3);
 $orig_pipes = $pipes;
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 if ($php === false) {
     die("no php executable defined");
 }

ext/standard/tests/file/windows_mb_path/bug75063_cp1251.phpt

@@ -49,7 +49,7 @@ CODE;
 $code_fn = "code.php";
 file_put_contents($code_fn, $code);
 
-print(shell_exec(getenv('TEST_PHP_EXECUTABLE') . " -n -d default_charset=cp1251 -f code.php"));
+print(shell_exec(getenv('TEST_PHP_EXECUTABLE_ESCAPED') . " -n -d default_charset=cp1251 -f code.php"));
 
 chdir($old_cwd);
 

ext/standard/tests/file/windows_mb_path/bug75063_utf8.phpt

@@ -47,7 +47,7 @@ CODE;
 $code_fn = "code.php";
 file_put_contents($code_fn, $code);
 
-print(shell_exec(getenv('TEST_PHP_EXECUTABLE') . " -nf code.php"));
+print(shell_exec(getenv('TEST_PHP_EXECUTABLE_ESCAPED') . " -nf code.php"));
 
 chdir($old_cwd);
 

ext/standard/tests/general_functions/bug69646.phpt

@@ -24,7 +24,7 @@ SCRIPT;
 $script = __DIR__ . DIRECTORY_SEPARATOR . "arginfo.php";
 file_put_contents($script, $helper_script);
 
-$cmd =  PHP_BINARY . " " . $script . " "  . escapeshellarg($a) . " " . escapeshellarg($b);
+$cmd = getenv('TEST_PHP_EXECUTABLE_ESCAPED') . " " . escapeshellarg($script) . " "  . escapeshellarg($a) . " " . escapeshellarg($b);
 
 system($cmd);
 

ext/standard/tests/general_functions/bug70018.phpt

@@ -5,9 +5,10 @@ Bug #70018 (exec does not strip all whitespace)
 $output = array();
 
 $test_fl = __DIR__ . DIRECTORY_SEPARATOR . md5(uniqid());
+$test_fl_escaped = escapeshellarg($test_fl);
 file_put_contents($test_fl, '<?php echo "abc\f\n \n";');
 
-exec(PHP_BINARY . " -n $test_fl", $output);
+exec(getenv('TEST_PHP_EXECUTABLE_ESCAPED') . " -n $test_fl_escaped", $output);
 
 var_dump($output);
 

ext/standard/tests/general_functions/proc_open-mb0.phpt

@@ -7,9 +7,10 @@ if (!function_exists("proc_open")) echo "skip proc_open() is not available";
 --FILE--
 <?php
 
-$php = PHP_BINARY;
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 $f = __DIR__ . DIRECTORY_SEPARATOR . "proc_only_mb0.php";
+$f_escaped = escapeshellarg($f);
 file_put_contents($f,'<?php var_dump($argv); ?>');
 
 $ds = array(
@@ -19,7 +20,7 @@ $ds = array(
         );
 
 $p = proc_open(
-        "$php -n $f テストマルチバイト・パス füße карамба",
+        "$php -n $f_escaped テストマルチバイト・パス füße карамба",
         $ds,
         $pipes,
         NULL,

ext/standard/tests/general_functions/proc_open-mb1.phpt

@@ -7,9 +7,10 @@ if (!function_exists("proc_open")) echo "skip proc_open() is not available";
 --FILE--
 <?php
 
-$php = PHP_BINARY;
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 $f = __DIR__ . DIRECTORY_SEPARATOR . "proc_only_mb1.php";
+$f_escaped = escapeshellarg($f);
 file_put_contents($f,'<?php var_dump($argv); ?>');
 
 $ds = array(
@@ -19,7 +20,7 @@ $ds = array(
         );
 
 $p = proc_open(
-        "$php -n $f テストマルチバイト・パス füße карамба",
+        "$php -n $f_escaped テストマルチバイト・パス füße карамба",
         $ds,
         $pipes
         );

ext/standard/tests/general_functions/proc_open_pipes1.phpt

@@ -7,8 +7,8 @@ for ($i = 3; $i<= 30; $i++) {
     $spec[$i] = array('pipe', 'w');
 }
 
-$php = getenv("TEST_PHP_EXECUTABLE");
-$callee = __DIR__ . "/proc_open_pipes_sleep.inc";
+$php = getenv("TEST_PHP_EXECUTABLE_ESCAPED");
+$callee = escapeshellarg(__DIR__ . "/proc_open_pipes_sleep.inc");
 proc_open("$php -n $callee", $spec, $pipes);
 
 var_dump(count($spec));

ext/standard/tests/general_functions/proc_open_pipes2.phpt

@@ -5,8 +5,8 @@ proc_open() with no pipes
 
 $spec = array();
 
-$php = getenv("TEST_PHP_EXECUTABLE");
-$callee = __DIR__ . "/proc_open_pipes_sleep.inc";
+$php = getenv("TEST_PHP_EXECUTABLE_ESCAPED");
+$callee = escapeshellarg(__DIR__ . "/proc_open_pipes_sleep.inc");
 proc_open("$php -n $callee", $spec, $pipes);
 
 var_dump(count($spec));

ext/standard/tests/general_functions/proc_open_pipes3.phpt

@@ -7,25 +7,26 @@ for ($i = 3; $i<= 5; $i++) {
     $spec[$i] = array('pipe', 'w');
 }
 
-$php = getenv("TEST_PHP_EXECUTABLE");
+$php = getenv("TEST_PHP_EXECUTABLE_ESCAPED");
 $callee = __DIR__ . "/proc_open_pipes_sleep.inc";
+$callee_escaped = escapeshellarg($callee);
 
 $spec[$i] = array('pi');
-proc_open("$php -n $callee", $spec, $pipes);
+proc_open("$php -n $callee_escaped", $spec, $pipes);
 
 $spec[$i] = 1;
 try {
-    proc_open("$php -n $callee", $spec, $pipes);
+    proc_open("$php -n $callee_escaped", $spec, $pipes);
 } catch (ValueError $exception) {
     echo $exception->getMessage() . "\n";
 }
 
 $spec[$i] = array('pipe', "test");
-proc_open("$php -n $callee", $spec, $pipes);
+proc_open("$php -n $callee_escaped", $spec, $pipes);
 var_dump($pipes);
 
 $spec[$i] = array('file', "test", "z");
-proc_open("$php -n $callee", $spec, $pipes);
+proc_open("$php -n $callee_escaped", $spec, $pipes);
 var_dump($pipes);
 
 echo "END\n";

ext/standard/tests/ini_info/php_ini_loaded_file.phpt

@@ -3,14 +3,14 @@ php_ini_loaded_file() function
 --FILE--
 <?php
     $inifile = __DIR__.DIRECTORY_SEPARATOR.'loaded.ini';
-    $php = '"'.getenv('TEST_PHP_EXECUTABLE').'"';
+    $php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
     $code = '"var_dump(php_ini_loaded_file());"';
 
     // No ini file
     passthru($php.' -n -r '.$code);
 
     // Specified ini file
-    passthru($php.' -c "'.$inifile.'" -r '.$code);
+    passthru($php.' -c '.escapeshellarg($inifile).' -r '.$code);
 ?>
 --EXPECTREGEX--
 bool\(false\)

ext/standard/tests/ini_info/php_ini_scanned_files.phpt

@@ -3,7 +3,7 @@ php_ini_scanned_files() function
 --FILE--
 <?php
     $inifile = __DIR__.DIRECTORY_SEPARATOR.'loaded.ini';
-    $php = sprintf('"%s" -c "%s"', getenv('TEST_PHP_EXECUTABLE'), $inifile);
+    $php = sprintf('%s -c %s', getenv('TEST_PHP_EXECUTABLE_ESCAPED'), escapeshellarg($inifile));
     $scandir = __DIR__.DIRECTORY_SEPARATOR.'scandir';
 
     // Empty env value disables any config option

ext/standard/tests/misc/bug79410.phpt

@@ -3,7 +3,7 @@ Bug #79410 (system() swallows last chunk if it is exactly 4095 bytes without new
 --FILE--
 <?php
 ob_start();
-system(getenv('TEST_PHP_EXECUTABLE') . ' -n -r "echo str_repeat(\".\", 4095);"');
+system(getenv('TEST_PHP_EXECUTABLE_ESCAPED') . ' -n -r "echo str_repeat(\".\", 4095);"');
 var_dump(strlen(ob_get_clean()));
 ?>
 --EXPECT--

ext/standard/tests/streams/bug46024.phpt

@@ -2,17 +2,16 @@
 Bug #46024 stream_select() doesn't return the correct number
 --SKIPIF--
 <?php
-if (!getenv('TEST_PHP_EXECUTABLE')) die("skip TEST_PHP_EXECUTABLE not defined");
+if (!getenv('TEST_PHP_EXECUTABLE_ESCAPED')) die("skip TEST_PHP_EXECUTABLE_ESCAPED not defined");
 // Terminating the process may cause a bailout while writing out the phpinfo,
 // which may leak a temporary hash table. This does not seems worth fixing.
 if (getenv('SKIP_ASAN')) die("skip Test may leak");
 ?>
 --FILE--
 <?php
-$php = realpath(getenv('TEST_PHP_EXECUTABLE'));
 $pipes = array();
 $proc = proc_open(
-    "$php -n -i"
+    getenv('TEST_PHP_EXECUTABLE_ESCAPED') . " -n -i"
     ,array(0 => array('pipe', 'r'), 1 => array('pipe', 'w'))
     ,$pipes, __DIR__, array(), array()
 );

ext/standard/tests/streams/bug70198.phpt

@@ -17,6 +17,7 @@ server
 
 $srv_addr = "tcp://127.0.0.1:8964";
 $srv_fl = __DIR__ . "/bug70198_svr_" . md5(uniqid()) . ".php";
+$srv_fl_escaped = escapeshellarg($srv_fl);
 $srv_fl_cont = <<<SRV
 <?php
 \$socket = stream_socket_server('$srv_addr', \$errno, \$errstr);
@@ -35,7 +36,7 @@ if (!\$socket) {
 SRV;
 file_put_contents($srv_fl, $srv_fl_cont);
 $dummy0 = $dummy1 = array();
-$srv_proc = proc_open(PHP_BINARY . " -n $srv_fl", $dummy0, $dummy1);
+$srv_proc = proc_open(getenv('TEST_PHP_EXECUTABLE_ESCAPED') . " -n $srv_fl_escaped", $dummy0, $dummy1);
 
 $i = 0;
 /* wait a bit for the server startup */