Merge branch '7.1' into 7.2

* 7.1:
  Do not read from argv on non-CLI SAPIs
  [Process] Use %PATH% before %CD% to load the shell on Windows
  [HttpFoundation] Reject URIs that contain invalid characters
  [HttpClient] Filter private IPs before connecting when Host == IP

Author: nicolas-grekas

ExecutableFinder.php

@@ -29,14 +29,6 @@ class ExecutableFinder
 
     private array $suffixes = [];
 
-    public function __construct()
-    {
-        // Set common extensions on Windows.
-        if ('\\' === \DIRECTORY_SEPARATOR) {
-            $this->suffixes = ['.exe', '.bat', '.cmd', '.com'];
-        }
-    }
-
     /**
      * Replaces default suffixes of executable.
      */
@@ -75,11 +67,12 @@ public function find(string $name, ?string $default = null, array $extraDirs = [
             $extraDirs
         );
 
-        $suffixes = [''];
-        if ('\\' === \DIRECTORY_SEPARATOR && $pathExt = getenv('PATHEXT')) {
-            $suffixes = array_merge(explode(\PATH_SEPARATOR, $pathExt), $suffixes);
+        $suffixes = $this->suffixes;
+        if ('\\' === \DIRECTORY_SEPARATOR) {
+            $pathExt = getenv('PATHEXT');
+            $suffixes = array_merge($suffixes, $pathExt ? explode(\PATH_SEPARATOR, $pathExt) : ['.exe', '.bat', '.cmd', '.com']);
         }
-        $suffixes = array_merge($suffixes, $this->suffixes);
+        $suffixes = '' !== pathinfo($name, PATHINFO_EXTENSION) ? array_merge([''], $suffixes) : array_merge($suffixes, ['']);
         foreach ($suffixes as $suffix) {
             foreach ($dirs as $dir) {
                 if ('' === $dir) {
@@ -95,12 +88,11 @@ public function find(string $name, ?string $default = null, array $extraDirs = [
             }
         }
 
-        if (!\function_exists('exec') || \strlen($name) !== strcspn($name, '/'.\DIRECTORY_SEPARATOR)) {
+        if ('\\' === \DIRECTORY_SEPARATOR || !\function_exists('exec') || \strlen($name) !== strcspn($name, '/'.\DIRECTORY_SEPARATOR)) {
             return $default;
         }
 
-        $command = '\\' === \DIRECTORY_SEPARATOR ? 'where %s 2> NUL' : 'command -v -- %s';
-        $execResult = exec(\sprintf($command, escapeshellarg($name)));
+        $execResult = exec('command -v -- '.escapeshellarg($name));
 
         if (($executablePath = substr($execResult, 0, strpos($execResult, \PHP_EOL) ?: null)) && @is_executable($executablePath)) {
             return $executablePath;

PhpExecutableFinder.php

@@ -32,19 +32,8 @@ public function __construct()
     public function find(bool $includeArgs = true): string|false
     {
         if ($php = getenv('PHP_BINARY')) {
-            if (!is_executable($php)) {
-                if (!\function_exists('exec') || \strlen($php) !== strcspn($php, '/'.\DIRECTORY_SEPARATOR)) {
-                    return false;
-                }
-
-                $command = '\\' === \DIRECTORY_SEPARATOR ? 'where %s 2> NUL' : 'command -v -- %s';
-                $execResult = exec(\sprintf($command, escapeshellarg($php)));
-                if (!$php = substr($execResult, 0, strpos($execResult, \PHP_EOL) ?: null)) {
-                    return false;
-                }
-                if (!is_executable($php)) {
-                    return false;
-                }
+            if (!is_executable($php) && !$php = $this->executableFinder->find($php)) {
+                return false;
             }
 
             if (@is_dir($php)) {

Process.php

@@ -1592,7 +1592,14 @@ function ($m) use (&$env, $uid) {
             $cmd
         );
 
-        $cmd = 'cmd /V:ON /E:ON /D /C ('.str_replace("\n", ' ', $cmd).')';
+        static $comSpec;
+
+        if (!$comSpec && $comSpec = (new ExecutableFinder())->find('cmd.exe')) {
+            // Escape according to CommandLineToArgvW rules
+            $comSpec = '"'.preg_replace('{(\\\\*+)"}', '$1$1\"', $comSpec) .'"';
+        }
+
+        $cmd = ($comSpec ?? 'cmd').' /V:ON /E:ON /D /C ('.str_replace("\n", ' ', $cmd).')';
         foreach ($this->processPipes->getFiles() as $offset => $filename) {
             $cmd .= ' '.$offset.'>"'.$filename.'"';
         }