Skip to content

Commit

Permalink
Merge branch '6.4' into 7.1
Browse files Browse the repository at this point in the history
* 6.4:
  Do not read from argv on non-CLI SAPIs
  [Process] Use %PATH% before %CD% to load the shell on Windows
  [HttpFoundation] Reject URIs that contain invalid characters
  [HttpClient] Filter private IPs before connecting when Host == IP
  • Loading branch information
nicolas-grekas committed Nov 5, 2024
2 parents f4fb6b8 + 88638b9 commit 66716d3
Show file tree
Hide file tree
Showing 3 changed files with 18 additions and 20 deletions.
14 changes: 8 additions & 6 deletions ExecutableFinder.php
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@
*/
class ExecutableFinder
{
private array $suffixes = ['.exe', '.bat', '.cmd', '.com'];
private const CMD_BUILTINS = [
'assoc', 'break', 'call', 'cd', 'chdir', 'cls', 'color', 'copy', 'date',
'del', 'dir', 'echo', 'endlocal', 'erase', 'exit', 'for', 'ftype', 'goto',
Expand All @@ -28,6 +27,8 @@ class ExecutableFinder
'setlocal', 'shift', 'start', 'time', 'title', 'type', 'ver', 'vol',
];

private array $suffixes = [];

/**
* Replaces default suffixes of executable.
*/
Expand Down Expand Up @@ -63,11 +64,13 @@ public function find(string $name, ?string $default = null, array $extraDirs = [
$extraDirs
);

$suffixes = [''];
$suffixes = [];
if ('\\' === \DIRECTORY_SEPARATOR) {
$pathExt = getenv('PATHEXT');
$suffixes = array_merge($pathExt ? explode(\PATH_SEPARATOR, $pathExt) : $this->suffixes, $suffixes);
$suffixes = $this->suffixes;
$suffixes = array_merge($suffixes, $pathExt ? explode(\PATH_SEPARATOR, $pathExt) : ['.exe', '.bat', '.cmd', '.com']);
}
$suffixes = '' !== pathinfo($name, PATHINFO_EXTENSION) ? array_merge([''], $suffixes) : array_merge($suffixes, ['']);
foreach ($suffixes as $suffix) {
foreach ($dirs as $dir) {
if ('' === $dir) {
Expand All @@ -83,12 +86,11 @@ public function find(string $name, ?string $default = null, array $extraDirs = [
}
}

if (!\function_exists('exec') || \strlen($name) !== strcspn($name, '/'.\DIRECTORY_SEPARATOR)) {
if ('\\' === \DIRECTORY_SEPARATOR || !\function_exists('exec') || \strlen($name) !== strcspn($name, '/'.\DIRECTORY_SEPARATOR)) {
return $default;
}

$command = '\\' === \DIRECTORY_SEPARATOR ? 'where %s 2> NUL' : 'command -v -- %s';
$execResult = exec(\sprintf($command, escapeshellarg($name)));
$execResult = exec('command -v -- '.escapeshellarg($name));

if (($executablePath = substr($execResult, 0, strpos($execResult, \PHP_EOL) ?: null)) && @is_executable($executablePath)) {
return $executablePath;
Expand Down
15 changes: 2 additions & 13 deletions PhpExecutableFinder.php
Original file line number Diff line number Diff line change
Expand Up @@ -32,19 +32,8 @@ public function __construct()
public function find(bool $includeArgs = true): string|false
{
if ($php = getenv('PHP_BINARY')) {
if (!is_executable($php)) {
if (!\function_exists('exec') || \strlen($php) !== strcspn($php, '/'.\DIRECTORY_SEPARATOR)) {
return false;
}

$command = '\\' === \DIRECTORY_SEPARATOR ? 'where %s 2> NUL' : 'command -v -- %s';
$execResult = exec(\sprintf($command, escapeshellarg($php)));
if (!$php = substr($execResult, 0, strpos($execResult, \PHP_EOL) ?: null)) {
return false;
}
if (!is_executable($php)) {
return false;
}
if (!is_executable($php) && !$php = $this->executableFinder->find($php)) {
return false;
}

if (@is_dir($php)) {
Expand Down
9 changes: 8 additions & 1 deletion Process.php
Original file line number Diff line number Diff line change
Expand Up @@ -1585,7 +1585,14 @@ function ($m) use (&$env, $uid) {
$cmd
);

$cmd = 'cmd /V:ON /E:ON /D /C ('.str_replace("\n", ' ', $cmd).')';
static $comSpec;

if (!$comSpec && $comSpec = (new ExecutableFinder())->find('cmd.exe')) {
// Escape according to CommandLineToArgvW rules
$comSpec = '"'.preg_replace('{(\\\\*+)"}', '$1$1\"', $comSpec) .'"';
}

$cmd = ($comSpec ?? 'cmd').' /V:ON /E:ON /D /C ('.str_replace("\n", ' ', $cmd).')';
foreach ($this->processPipes->getFiles() as $offset => $filename) {
$cmd .= ' '.$offset.'>"'.$filename.'"';
}
Expand Down

0 comments on commit 66716d3

Please sign in to comment.