Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit fc15f0d

Browse files
nicolas-grekasnicolas-grekas
committed
[Process] Strong args escaping on Windows + deprecate compat settings
1 parent f8b02ed commit fc15f0d

13 files changed

+211
-85
lines changed

.travis.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -96,7 +96,7 @@ script:
9696
- if [[ ! $deps && ! $PHP = hhvm* ]]; then echo "$COMPONENTS" | parallel --gnu '$PHPUNIT --exclude-group tty,benchmark,intl-data {}'"$REPORT"; fi
9797
- if [[ ! $deps && ! $PHP = hhvm* ]]; then echo -e "\\nRunning tests requiring tty"; $PHPUNIT --group tty; fi
9898
- if [[ ! $deps && $PHP = hhvm* ]]; then $PHPUNIT --exclude-group benchmark,intl-data; fi
99-
- if [[ ! $deps && $PHP = ${MIN_PHP%.*} ]]; then echo -e "1\\n0" | xargs -I{} sh -c 'echo "\\nPHP --enable-sigchild enhanced={}" && ENHANCE_SIGCHLD={} php-$MIN_PHP/sapi/cli/php .phpunit/phpunit-4.8/phpunit --colors=always src/Symfony/Component/Process/'; fi
99+
- if [[ ! $deps && $PHP = ${MIN_PHP%.*} ]]; then echo -e "1\\n0" | xargs -I{} sh -c 'echo "\\nPHP --enable-sigchild enhanced={}" && SYMFONY_DEPRECATIONS_HELPER=weak ENHANCE_SIGCHLD={} php-$MIN_PHP/sapi/cli/php .phpunit/phpunit-4.8/phpunit --colors=always src/Symfony/Component/Process/'; fi
100100
- if [[ $deps = high ]]; then echo "$COMPONENTS" | parallel --gnu -j10% 'cd {}; composer update --no-progress --ansi; $PHPUNIT --exclude-group tty,benchmark,intl-data'$LEGACY"$REPORT"; fi
101101
- if [[ $deps = low ]]; then echo "$COMPONENTS" | parallel --gnu -j10% 'cd {}; composer update --no-progress --ansi --prefer-lowest --prefer-stable; $PHPUNIT --exclude-group tty,benchmark,intl-data'"$REPORT"; fi
102102
# Test the PhpUnit bridge using the original phpunit script

UPGRADE-3.3.md

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -42,6 +42,16 @@ HttpKernel
4242
* The `Psr6CacheClearer::addPool()` method has been deprecated. Pass an array of pools indexed
4343
by name to the constructor instead.
4444

45+
Process
46+
-------
47+
48+
* On Windows, `!VAR!` expansion inside escaped arguments is deprecated.
49+
50+
* Not-inheriting environment variables is deprecated.
51+
52+
* Configuring `proc_open()` options, Windows compatibility and sigchild
53+
compatibility is deprecated - they will be always enabled in 4.0.
54+
4555
Security
4656
--------
4757

UPGRADE-4.0.md

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -204,6 +204,16 @@ HttpKernel
204204
* The `Psr6CacheClearer::addPool()` method has been removed. Pass an array of pools indexed
205205
by name to the constructor instead.
206206

207+
Process
208+
-------
209+
210+
* On Windows, `!VAR!` variables are not expanded anymore in escaped arguments.
211+
212+
* Environment variables are always inherited in sub-processes.
213+
214+
* Configuring `proc_open()` options, Windows compatibility and sigchild
215+
compatibility is not possible anymore - they are always enabled.
216+
207217
Security
208218
--------
209219

src/Symfony/Component/Console/Tests/Helper/ProcessHelperTest.php

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@
1616
use Symfony\Component\Console\Output\StreamOutput;
1717
use Symfony\Component\Console\Helper\ProcessHelper;
1818
use Symfony\Component\Process\Process;
19+
use Symfony\Component\Process\ProcessUtils;
1920

2021
class ProcessHelperTest extends \PHPUnit_Framework_TestCase
2122
{
@@ -84,7 +85,9 @@ public function provideCommandsAndOutput()
8485

8586
$errorMessage = 'An error occurred';
8687
if ('\\' === DIRECTORY_SEPARATOR) {
87-
$successOutputProcessDebug = str_replace("'", '"', $successOutputProcessDebug);
88+
$args = array('php', '-r', 'echo 42;');
89+
$args = array_map(array(ProcessUtils::class, 'escapeArgument'), $args);
90+
$successOutputProcessDebug = str_replace("'php' '-r' 'echo 42;'", implode(' ', $args), $successOutputProcessDebug);
8891
}
8992

9093
return array(

src/Symfony/Component/Dotenv/Dotenv.php

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -275,7 +275,9 @@ private function resolveCommands($value)
275275
}
276276

277277
$process = new Process('echo '.$matches[0]);
278-
$process->inheritEnvironmentVariables(true);
278+
if (method_exists($process, 'inheritEnvironmentVariables')) {
279+
$process->inheritEnvironmentVariables(true, false);
280+
}
279281
$process->setEnv($this->values);
280282
try {
281283
$process->mustRun();

src/Symfony/Component/Process/CHANGELOG.md

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,15 @@
11
CHANGELOG
22
=========
33

4+
3.3.0
5+
-----
6+
7+
* deprecated `!VAR!` expansion inside escaped arguments
8+
* deprecated not-inheriting environment variables
9+
* deprecated configuring `proc_open()` options
10+
* deprecated configuring enhanced Windows compatibility
11+
* deprecated configuring enhanced sigchild compatibility
12+
413
2.5.0
514
-----
615

src/Symfony/Component/Process/PhpProcess.php

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,7 @@ class PhpProcess extends Process
3333
* @param int $timeout The timeout in seconds
3434
* @param array $options An array of options for proc_open
3535
*/
36-
public function __construct($script, $cwd = null, array $env = null, $timeout = 60, array $options = array())
36+
public function __construct($script, $cwd = null, array $env = null, $timeout = 60, array $options = null)
3737
{
3838
$executableFinder = new PhpExecutableFinder();
3939
if (false === $php = $executableFinder->find()) {
@@ -52,6 +52,9 @@ public function __construct($script, $cwd = null, array $env = null, $timeout =
5252
// command with exec
5353
$php = 'exec '.$php;
5454
}
55+
if (null !== $options) {
56+
@trigger_error(sprintf('The $options parameter of the %s constructor is deprecated since version 3.3 and will be removed in 4.0.', __CLASS__), E_USER_DEPRECATED);
57+
}
5558

5659
parent::__construct($php, $cwd, $env, $script, $timeout, $options);
5760
}

src/Symfony/Component/Process/Process.php

Lines changed: 93 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -145,7 +145,7 @@ class Process implements \IteratorAggregate
145145
*
146146
* @throws RuntimeException When proc_open is not installed
147147
*/
148-
public function __construct($commandline, $cwd = null, array $env = null, $input = null, $timeout = 60, array $options = array())
148+
public function __construct($commandline, $cwd = null, array $env = null, $input = null, $timeout = 60, array $options = null)
149149
{
150150
if (!function_exists('proc_open')) {
151151
throw new RuntimeException('The Process class relies on proc_open, which is not available on your PHP installation.');
@@ -171,7 +171,10 @@ public function __construct($commandline, $cwd = null, array $env = null, $input
171171
$this->pty = false;
172172
$this->enhanceWindowsCompatibility = true;
173173
$this->enhanceSigchildCompatibility = '\\' !== DIRECTORY_SEPARATOR && $this->isSigchildEnabled();
174-
$this->options = array_replace(array('suppress_errors' => true, 'binary_pipes' => true), $options);
174+
if (null !== $options) {
175+
@trigger_error(sprintf('The $options parameter of the %s constructor is deprecated since version 3.3 and will be removed in 4.0.', __CLASS__), E_USER_DEPRECATED);
176+
$this->options = array_replace(array('suppress_errors' => true), $options);
177+
}
175178
}
176179

177180
public function __destruct()
@@ -268,47 +271,40 @@ public function start(callable $callback = null)
268271
$descriptors = $this->getDescriptors();
269272

270273
$commandline = $this->commandline;
271-
$envline = '';
272274

273-
if (null !== $this->env && $this->inheritEnv) {
274-
if ('\\' === DIRECTORY_SEPARATOR && !empty($this->options['bypass_shell']) && !$this->enhanceWindowsCompatibility) {
275-
throw new LogicException('The "bypass_shell" option must be false to inherit environment variables while enhanced Windows compatibility is off');
276-
}
277-
$env = '\\' === DIRECTORY_SEPARATOR ? '(SET %s)&&' : 'export %s;';
278-
foreach ($this->env as $k => $v) {
279-
$envline .= sprintf($env, ProcessUtils::escapeArgument("$k=$v"));
275+
$env = $this->env;
276+
$envBackup = array();
277+
if (null !== $env && $this->inheritEnv) {
278+
foreach ($env as $k => $v) {
279+
$envBackup[$k] = getenv($v);
280+
putenv("$k=$v");
280281
}
281282
$env = null;
282-
} else {
283-
$env = $this->env;
283+
} elseif (null !== $env) {
284+
@trigger_error(sprintf('Not-inheriting environment variables is deprecated since Symfony 3.3 and will always happen in 4.0. Call "Process::inheritEnvironmentVariables()" instead before running the command.', __METHOD__), E_USER_DEPRECATED);
284285
}
285286
if ('\\' === DIRECTORY_SEPARATOR && $this->enhanceWindowsCompatibility) {
286-
$commandline = 'cmd /V:ON /E:ON /D /C "('.$envline.$commandline.')';
287-
foreach ($this->processPipes->getFiles() as $offset => $filename) {
288-
$commandline .= ' '.$offset.'>'.ProcessUtils::escapeArgument($filename);
289-
}
290-
$commandline .= '"';
291-
292-
if (!isset($this->options['bypass_shell'])) {
293-
$this->options['bypass_shell'] = true;
294-
}
287+
$this->options['bypass_shell'] = true;
288+
$commandline = $this->prepareWindowsCommandLine($commandline, $envBackup);
295289
} elseif (!$this->useFileHandles && $this->enhanceSigchildCompatibility && $this->isSigchildEnabled()) {
296290
// last exit code is output on the fourth pipe and caught to work around --enable-sigchild
297291
$descriptors[3] = array('pipe', 'w');
298292

299293
// See https://unix.stackexchange.com/questions/71205/background-process-pipe-input
300-
$commandline = $envline.'{ ('.$this->commandline.') <&3 3<&- 3>/dev/null & } 3<&0;';
294+
$commandline = '{ ('.$this->commandline.') <&3 3<&- 3>/dev/null & } 3<&0;';
301295
$commandline .= 'pid=$!; echo $pid >&3; wait $pid; code=$?; echo $code >&3; exit $code';
302296

303297
// Workaround for the bug, when PTS functionality is enabled.
304298
// @see : https://bugs.php.net/69442
305299
$ptsWorkaround = fopen(__FILE__, 'r');
306-
} elseif ('' !== $envline) {
307-
$commandline = $envline.$commandline;
308300
}
309301

310302
$this->process = proc_open($commandline, $descriptors, $this->processPipes->pipes, $this->cwd, $env, $this->options);
311303

304+
foreach ($envBackup as $k => $v) {
305+
putenv(false === $v ? $k : "$k=$v");
306+
}
307+
312308
if (!is_resource($this->process)) {
313309
throw new RuntimeException('Unable to launch a new process.');
314310
}
@@ -1148,9 +1144,13 @@ public function setInput($input)
11481144
* Gets the options for proc_open.
11491145
*
11501146
* @return array The current options
1147+
*
1148+
* @deprecated since version 3.3, to be removed in 4.0.
11511149
*/
11521150
public function getOptions()
11531151
{
1152+
@trigger_error(sprintf('The %s method is deprecated since version 3.3 and will be removed in 4.0.', __METHOD__), E_USER_DEPRECATED);
1153+
11541154
return $this->options;
11551155
}
11561156

@@ -1160,9 +1160,13 @@ public function getOptions()
11601160
* @param array $options The new options
11611161
*
11621162
* @return self The current Process instance
1163+
*
1164+
* @deprecated since version 3.3, to be removed in 4.0.
11631165
*/
11641166
public function setOptions(array $options)
11651167
{
1168+
@trigger_error(sprintf('The %s method is deprecated since version 3.3 and will be removed in 4.0.', __METHOD__), E_USER_DEPRECATED);
1169+
11661170
$this->options = $options;
11671171

11681172
return $this;
@@ -1174,9 +1178,13 @@ public function setOptions(array $options)
11741178
* This is true by default.
11751179
*
11761180
* @return bool
1181+
*
1182+
* @deprecated since version 3.3, to be removed in 4.0. Enhanced Windows compatibility will always be enabled.
11771183
*/
11781184
public function getEnhanceWindowsCompatibility()
11791185
{
1186+
@trigger_error(sprintf('The %s method is deprecated since version 3.3 and will be removed in 4.0. Enhanced Windows compatibility will always be enabled.', __METHOD__), E_USER_DEPRECATED);
1187+
11801188
return $this->enhanceWindowsCompatibility;
11811189
}
11821190

@@ -1186,9 +1194,13 @@ public function getEnhanceWindowsCompatibility()
11861194
* @param bool $enhance
11871195
*
11881196
* @return self The current Process instance
1197+
*
1198+
* @deprecated since version 3.3, to be removed in 4.0. Enhanced Windows compatibility will always be enabled.
11891199
*/
11901200
public function setEnhanceWindowsCompatibility($enhance)
11911201
{
1202+
@trigger_error(sprintf('The %s method is deprecated since version 3.3 and will be removed in 4.0. Enhanced Windows compatibility will always be enabled.', __METHOD__), E_USER_DEPRECATED);
1203+
11921204
$this->enhanceWindowsCompatibility = (bool) $enhance;
11931205

11941206
return $this;
@@ -1198,9 +1210,13 @@ public function setEnhanceWindowsCompatibility($enhance)
11981210
* Returns whether sigchild compatibility mode is activated or not.
11991211
*
12001212
* @return bool
1213+
*
1214+
* @deprecated since version 3.3, to be removed in 4.0. Sigchild compatibility will always be enabled.
12011215
*/
12021216
public function getEnhanceSigchildCompatibility()
12031217
{
1218+
@trigger_error(sprintf('The %s method is deprecated since version 3.3 and will be removed in 4.0. Sigchild compatibility will always be enabled.', __METHOD__), E_USER_DEPRECATED);
1219+
12041220
return $this->enhanceSigchildCompatibility;
12051221
}
12061222

@@ -1214,9 +1230,13 @@ public function getEnhanceSigchildCompatibility()
12141230
* @param bool $enhance
12151231
*
12161232
* @return self The current Process instance
1233+
*
1234+
* @deprecated since version 3.3, to be removed in 4.0.
12171235
*/
12181236
public function setEnhanceSigchildCompatibility($enhance)
12191237
{
1238+
@trigger_error(sprintf('The %s method is deprecated since version 3.3 and will be removed in 4.0. Sigchild compatibility will always be enabled.', __METHOD__), E_USER_DEPRECATED);
1239+
12201240
$this->enhanceSigchildCompatibility = (bool) $enhance;
12211241

12221242
return $this;
@@ -1228,9 +1248,15 @@ public function setEnhanceSigchildCompatibility($enhance)
12281248
* @param bool $inheritEnv
12291249
*
12301250
* @return self The current Process instance
1251+
*
1252+
* @deprecated since version 3.3, to be removed in 4.0. Environment variables will always be inherited.
12311253
*/
1232-
public function inheritEnvironmentVariables($inheritEnv = true)
1254+
public function inheritEnvironmentVariables($inheritEnv = true/*, $triggerDeprecation = true*/)
12331255
{
1256+
if (2 > func_num_args() || func_get_arg(1)) {
1257+
@trigger_error(sprintf('The %s method is deprecated since version 3.3 and will be removed in 4.0. Environment variables will always be inherited. To silence this notice, set the second argument of "Process::inheritEnvironmentVariables()" to "false", then wrap the call in a "method_exists()" check.', __METHOD__), E_USER_DEPRECATED);
1258+
}
1259+
12341260
$this->inheritEnv = (bool) $inheritEnv;
12351261

12361262
return $this;
@@ -1240,9 +1266,13 @@ public function inheritEnvironmentVariables($inheritEnv = true)
12401266
* Returns whether environment variables will be inherited or not.
12411267
*
12421268
* @return bool
1269+
*
1270+
* @deprecated since version 3.3, to be removed in 4.0. Environment variables will always be inherited.
12431271
*/
12441272
public function areEnvironmentVariablesInherited()
12451273
{
1274+
@trigger_error(sprintf('The %s method is deprecated since version 3.3 and will be removed in 4.0. Environment variables will always be inherited.', __METHOD__), E_USER_DEPRECATED);
1275+
12461276
return $this->inheritEnv;
12471277
}
12481278

@@ -1561,6 +1591,44 @@ private function doSignal($signal, $throwException)
15611591
return true;
15621592
}
15631593

1594+
private function prepareWindowsCommandLine($cmd, array &$envBackup)
1595+
{
1596+
$uid = uniqid('', true);
1597+
$varCount = 0;
1598+
$varCache = array('""' => '""');
1599+
$cmd = preg_replace_callback(
1600+
'/"((?:[^"]*+("(?:\^[%!])?+")*+)*+)"/',
1601+
function ($m) use (&$envBackup, &$varCache, &$varCount, $uid) {
1602+
if (isset($varCache[$m[0]])) {
1603+
return $varCache[$m[0]];
1604+
}
1605+
if (false !== strpos($value = $m[1], "\0")) {
1606+
$value = str_replace("\0", '?', $value);
1607+
}
1608+
if (false === strpbrk($value, "\"%!\n")) {
1609+
return '"'.$value.'"';
1610+
}
1611+
1612+
$value = str_replace(array('!LF!', '"^!"', '"^%"', '""'), array("\n", '!', '%', '"'), $value);
1613+
$value = preg_replace('/(\\\\*)"/', '$1$1\\"', $value);
1614+
1615+
$var = $uid.++$varCount;
1616+
putenv("$var=\"$value\"");
1617+
$envBackup[$var] = false;
1618+
1619+
return $varCache[$m[0]] = '!'.$var.'!';
1620+
},
1621+
$cmd
1622+
);
1623+
1624+
$cmd = 'cmd /V:ON /E:ON /D /C ('.str_replace("\n", ' ', $cmd).')';
1625+
foreach ($this->processPipes->getFiles() as $offset => $filename) {
1626+
$cmd .= ' '.$offset.'>"'.$filename.'"';
1627+
}
1628+
1629+
return $cmd;
1630+
}
1631+
15641632
/**
15651633
* Ensures the process is running or terminated, throws a LogicException if the process has a not started.
15661634
*

0 commit comments

Comments
 (0)