Skip to content

Commit dcc3255

Browse files
nielsdosmvorisek
andauthored
Fix GH-10489: run-tests.php does not escape path when building cmd (#10560)
Multiple tests had to be changed to escape the arguments in shell commands. Some tests are skipped because they behave differently with spaces in the path versus without. One notable example of this is the hashbang test which does not work because spaces in hashbangs paths are not supported in Linux. Co-authored-by: Michael Voříšek <[email protected]>
1 parent b14785c commit dcc3255

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

75 files changed

+198
-160
lines changed

Zend/tests/bug40236.phpt

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,8 +6,8 @@ if (extension_loaded("readline")) die("skip Test doesn't support readline");
66
?>
77
--FILE--
88
<?php
9-
$php = getenv('TEST_PHP_EXECUTABLE');
10-
$cmd = "\"$php\" -n -d memory_limit=4M -a \"".__DIR__."\"/bug40236.inc";
9+
$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
10+
$cmd = "$php -n -d memory_limit=4M -a \"".__DIR__."\"/bug40236.inc";
1111
echo `$cmd`;
1212
?>
1313
--EXPECT--

Zend/tests/bug60978.phpt

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,8 +2,7 @@
22
Bug #60978 (exit code incorrect)
33
--FILE--
44
<?php
5-
$php = getenv('TEST_PHP_EXECUTABLE');
6-
exec($php . ' -n -r "exit(2);"', $output, $exit_code);
5+
exec(getenv('TEST_PHP_EXECUTABLE_ESCAPED') . ' -n -r "exit(2);"', $output, $exit_code);
76
echo $exit_code;
87
?>
98
--EXPECT--

ext/com_dotnet/tests/bug77578.phpt

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,8 +6,8 @@ com_dotnet
66
<?php
77
// To actually be able to verify the crash during shutdown on Windows, we have
88
// to execute a PHP subprocess, and check its exit status.
9-
$php = PHP_BINARY;
10-
$extension_dir = ini_get("extension_dir");
9+
$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
10+
$extension_dir = escapeshellarg(ini_get("extension_dir"));
1111
$script = <<<SCRIPT
1212
if (!extension_loaded('com_dotnet')) dl('com_dotnet');
1313
ini_set('com.autoregister_typelib', '1');

ext/mbstring/tests/gh7902.phpt

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,10 @@
11
--TEST--
22
GH-7902 (mb_send_mail may delimit headers with LF only)
3+
--EXTENSIONS--
4+
mbstring
35
--SKIPIF--
46
<?php
5-
if (!extension_loaded("mbstring")) die("skip mbstring extension not available");
7+
if (str_contains(getcwd(), " ")) die("skip sendmail_path ini with spaces");
68
?>
79
--INI--
810
sendmail_path={MAIL:{PWD}/gh7902.eml}

ext/simplexml/tests/bug79971_1.phpt

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,10 @@
11
--TEST--
22
Bug #79971 (special character is breaking the path in xml function)
3+
--EXTENSIONS--
4+
simplexml
35
--SKIPIF--
46
<?php
5-
if (!extension_loaded('simplexml')) die('skip simplexml extension not available');
7+
if (str_contains(getcwd(), ' ')) die('skip simplexml already escapes the path with spaces so this test does not work');
68
?>
79
--FILE--
810
<?php

ext/standard/tests/directory/bug74589_utf8.phpt

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@ internal_encoding=utf-8
1818
$item = "bug74589_新建文件夹"; // utf-8 string
1919
$dir = __DIR__ . DIRECTORY_SEPARATOR . $item;
2020
$test_file = $dir . DIRECTORY_SEPARATOR . "test.php";
21+
$test_file_escaped = escapeshellarg($test_file);
2122

2223
mkdir($dir);
2324

@@ -27,9 +28,9 @@ file_put_contents($test_file,
2728
var_dump(__FILE__);
2829
var_dump(__DIR__ === __DIR__);");
2930

30-
$php = getenv('TEST_PHP_EXECUTABLE');
31+
$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
3132

32-
echo shell_exec("$php -n $test_file");
33+
echo shell_exec("$php -n $test_file_escaped");
3334

3435
?>
3536
--EXPECTF--

ext/standard/tests/file/bug22414.phpt

Lines changed: 5 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -6,22 +6,21 @@ output_handler=
66
<?php
77

88
$php = getenv('TEST_PHP_EXECUTABLE');
9+
$php_escaped = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
910
$tmpfile = tempnam(__DIR__, 'phpt');
1011
$args = ' -n ';
1112

1213
/* Regular Data Test */
13-
passthru($php . $args . ' -r " echo \"HELLO\"; "');
14+
passthru($php_escaped . $args . ' -r " echo \"HELLO\"; "');
1415

1516
echo "\n";
1617

1718
/* Binary Data Test */
18-
19+
$cmd = $php_escaped . $args . ' -r ' . escapeshellarg("readfile(@getenv('TEST_PHP_EXECUTABLE'));");
1920
if (substr(PHP_OS, 0, 3) != 'WIN') {
20-
$cmd = $php . $args . ' -r \"readfile(@getenv(\'\\\'\'TEST_PHP_EXECUTABLE\'\\\'\')); \"';
21-
$cmd = $php . $args . ' -r \' passthru("'.$cmd.'"); \' > '.$tmpfile ;
21+
$cmd = $php_escaped . $args . ' -r ' . escapeshellarg('passthru("'.$cmd.'");') . ' > '.escapeshellarg($tmpfile);
2222
} else {
23-
$cmd = $php . $args . ' -r \"readfile(@getenv(\\\\\\"TEST_PHP_EXECUTABLE\\\\\\")); \"';
24-
$cmd = $php . $args . ' -r " passthru(\''.$cmd.'\');" > '.$tmpfile ;
23+
$cmd = $php_escaped . $args . ' -r ' . "\"passthru('".addslashes($cmd)."');\"" . ' > '.escapeshellarg($tmpfile);
2524
}
2625
exec($cmd);
2726

ext/standard/tests/file/bug26615.phpt

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,9 +7,9 @@ variables_order=E
77
$out = array();
88
$status = -1;
99
if (substr(PHP_OS, 0, 3) != 'WIN') {
10-
exec($_ENV['TEST_PHP_EXECUTABLE'].' -n -r \'for($i=1;$i<=5000;$i++) print "$i\n";\' | tr \'\n\' \' \'', $out, $status);
10+
exec($_ENV['TEST_PHP_EXECUTABLE_ESCAPED'].' -n -r \'for($i=1;$i<=5000;$i++) print "$i\n";\' | tr \'\n\' \' \'', $out, $status);
1111
} else {
12-
exec($_ENV['TEST_PHP_EXECUTABLE'].' -n -r "for($i=1;$i<=5000;$i++) echo $i,\' \';"', $out, $status);
12+
exec($_ENV['TEST_PHP_EXECUTABLE_ESCAPED'].' -n -r "for($i=1;$i<=5000;$i++) echo $i,\' \';"', $out, $status);
1313
}
1414
print_r($out);
1515
?>

ext/standard/tests/file/bug26938.phpt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ Bug #26938 (exec does not read consecutive long lines correctly)
44
<?php
55
$out = array();
66
$status = -1;
7-
$php = getenv('TEST_PHP_EXECUTABLE');
7+
$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
88
if (substr(PHP_OS, 0, 3) != 'WIN') {
99
exec($php . ' -n -r \''
1010
. '$lengths = array(10,20000,10000,5,10000,3);'

ext/standard/tests/file/bug60120.phpt

Lines changed: 3 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
Bug #60120 (proc_open hangs when data in stdin/out/err is getting larger or equal to 2048)
33
--SKIPIF--
44
<?php
5-
$php = getenv('TEST_PHP_EXECUTABLE');
5+
$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
66
if (!$php) {
77
die("skip No php executable defined\n");
88
}
@@ -12,11 +12,8 @@ if (!$php) {
1212

1313
error_reporting(E_ALL);
1414

15-
$php = getenv('TEST_PHP_EXECUTABLE');
16-
if (!$php) {
17-
die("No php executable defined\n");
18-
}
19-
$cmd = 'php -r "fwrite(STDOUT, $in = file_get_contents(\'php://stdin\')); fwrite(STDERR, $in);"';
15+
$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
16+
$cmd = $php . ' -r "fwrite(STDOUT, $in = file_get_contents(\'php://stdin\')); fwrite(STDERR, $in);"';
2017
$descriptors = array(array('pipe', 'r'), array('pipe', 'w'), array('pipe', 'w'));
2118
$stdin = str_repeat('*', 2049 );
2219

0 commit comments

Comments
 (0)