PHP :: Bug #50271 :: Windows hard coding of CMD / COMMAND.COM rather than envvar(COMSPEC)

Bug #50271

Windows hard coding of CMD / COMMAND.COM rather than envvar(COMSPEC)

Submitted:

2009-11-23 13:15 UTC

Modified:

2016-09-13 23:50 UTC

Votes:	2
Avg. Score:	4.0 ± 1.0
Reproduced:	0 of 0 (0.0%)

From:

RQuadling at GMail dot com

Assigned:

pajoye (profile)

Status:

Closed

Package:

Program Execution

PHP Version:

5.3SVN-2009-11-23 (SVN)

OS:

win32 only - Windows XP SP3

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	RQuadling at GMail dot com
New email:
PHP Version:		OS:

New Comment:

[2009-11-23 13:15 UTC] RQuadling at GMail dot com

Description:
------------
In http://lxr.php.net/source/TSRM/tsrm_win32.c#52, the shell to execute is hardcoded.

This should be retrieved via GetEnvironmentVariable('COMSPEC', ...);

As such, any program called cmd.exe (or command.com for older, and now unsupported by PHP, versions of windows) in a directory accessible via the PATH _before_ the actual location of cmd.exe/command.com will be loaded for the shell.

The environment variable "COMSPEC" (now known as "ComSpec", but is case insensitive for Windows) by default includes the path.

Whilst this is not a series bug, it does mean PHP conforms to other languages and applications that can invoke a console shell via COMSPEC, rather than using a hard-coded name.


Considering that PHP doesn't support older versions of windows any longer, the whole test on GetVersion() is also redundant.

Patches

proc_open_COMSPEC.patch (last revision 2010-03-26 13:35 UTC by rquadling@php.net)
TSRM_Win32_COMSPEC.patch (last revision 2010-03-26 13:05 UTC by rquadling@php.net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-11-23 13:31 UTC] jani@php.net

FYI: In the future when a bug is clearly windows only, use os prefix 'win32 only -' to preserve my sanity..

[2010-03-26 14:05 UTC] rquadling@php.net

The following patch has been added/updated:

Patch Name: TSRM_Win32_COMSPEC.patch
Revision:   1269608726
URL:        http://bugs.php.net/patch-display.php?bug=50271&patch=TSRM_Win32_COMSPEC.patch&revision=1269608726

[2010-03-26 14:35 UTC] rquadling@php.net

The following patch has been added/updated:

Patch Name: proc_open_COMSPEC.patch
Revision:   1269610539
URL:        http://bugs.php.net/patch-display.php?bug=50271&patch=proc_open_COMSPEC.patch&revision=1269610539

[2010-06-20 20:22 UTC] pajoye@php.net

-Status: Open +Status: Assigned -Assigned To: +Assigned To: pajoye

[2016-09-13 23:50 UTC] ab@php.net

-Status: Assigned +Status: Closed

[2016-09-13 23:50 UTC] ab@php.net

This is fixed at least in PHP 7, didn't check earlier.

Thanks.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 17:01:58 2024 UTC