Request #78177 Make proc_open accept command array
Submitted: 2019-06-18 07:45 UTC Modified: 2019-06-28 09:19 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: nicolas dot grekas+php at gmail dot com Assigned: nikic (profile)
Status: Closed Package: Program Execution
PHP Version: Next Minor Version OS:
Private report: No CVE-ID: None
 [2019-06-18 07:45 UTC] nicolas dot grekas+php at gmail dot com
Description:
------------
Right now, PHP is missing a low-level primitive to run a process without argument escaping issues.
The reason is that proc_open accepts only a string to define the command, so that a command line parser is required under the hood.
This also creates the long-lasting issue with signaling, where the shell gets them instead of the command itself.

Both issues would be fixed by having a way to launch shell-less command lines.
All programming languages have this but PHP.

proc_open($array, ...) could be the way to go. We're missing this badly.


 [2019-06-18 07:51 UTC] sjon@php.net
-Type: Bug
+Type: Feature/Change Request
-Package: Unknown/Other Function
+Package: Program Execution
 [2019-06-18 07:51 UTC] sjon@php.net
implode(' ', array_map('escapeshellarg', $array)) might be a suitable workaround
 [2019-06-18 08:16 UTC] nicolas dot grekas+php at gmail dot com
Unfortunately, I know all the workarounds, that's why I'm asking for this.

escapeshellarg is just a poor man's band-aid. On Windows esp., it breaks many arguments as soon as they contain non-alphanumeric chars, e.g. a CR/LF or quotes.

There is a package that gives it a try, and which links to doc about how escaping works:
https://github.com/johnstevenson/winbox-args

TL;DR: escaping is context-sensitive on Windows, so that it is impossible to fully escape a generic string.

That's why this FR is much needed.
 [2019-06-18 11:56 UTC] nicolas dot grekas+php at gmail dot com
Oh btw, for reference, ext-async accepts command line arrays:
https://github.com/concurrent-php/ext-async#processbuilder
 [2019-06-27 11:49 UTC] sjon@php.net
The following pull request has been associated:

Patch Name: Support array command in proc_open()
On GitHub:  https://github.com/php/php-src/pull/4305
Patch:      https://github.com/php/php-src/pull/4305.patch
 [2019-06-28 09:19 UTC] nikic@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: nikic
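
The difference discussed in this thread, as an added example that is not part of the original report or of php-src: the same arguments are passed once as an array (the form this request asks for) and once as a string built with the escapeshellarg() workaround, and a child PHP process reports what it received. It assumes PHP 7.4 or later, where proc_open() accepts an array command; the helper `run_and_capture` and the sample arguments are constructed for illustration.

```php
<?php
// Added illustration, not code from the report. Needs PHP >= 7.4 (array commands).

/** Launch $command (string or array) and return the child's stdout. */
function run_and_capture($command): string
{
    $spec = [1 => ['pipe', 'w']];          // capture stdout only
    $proc = proc_open($command, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('proc_open failed');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out;
}

// Child code: report the arguments it actually received, as JSON.
$child = 'echo json_encode(array_slice($argv, 1));';

// Constructed sample arguments: spaces, quotes, a newline, shell metacharacters.
$args = ['a b', 'it\'s "quoted"', "line1\nline2", '$(id) `id` ; & | %PATH%'];
$argv = array_merge([PHP_BINARY, '-r', $child], $args);

// Array form: each element becomes exactly one argv entry; no shell parses it.
$direct = json_decode(run_and_capture($argv), true);

// String form with the escapeshellarg() workaround: a shell (sh -c or cmd.exe)
// re-parses the line, so correctness depends on the platform's quoting rules.
$line = implode(' ', array_map('escapeshellarg', $argv));
$viaShell = json_decode(run_and_capture($line), true);

printf("array form round-trips:  %s\n", var_export($direct === $args, true));
printf("string form round-trips: %s\n", var_export($viaShell === $args, true));
```

On Windows, escapeshellarg() replaces double quotes, percent signs and exclamation marks with spaces, so the string form cannot return the sample arguments unchanged there.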
 
Last updated: Thu Nov 21 14:01:29 2024 UTC