php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #26566 Why does EXEC() have to use CMD.EXE
Submitted: 2003-12-09 16:34 UTC Modified: 2017-04-04 09:00 UTC
Votes:16
Avg. Score:4.6 ± 0.8
Reproduced:13 of 13 (100.0%)
Same Version:5 (38.5%)
Same OS:9 (69.2%)
From: taomyn at hotmail dot com Assigned: peehaa (profile)
Status: Closed Package: Documentation problem
PHP Version: * OS: Windows
Private report: No CVE-ID: None
View Developer Edit
 [2003-12-09 16:34 UTC] taomyn at hotmail dot com 
Description:
------------
Why does EXEC() have to spawn an extra CMD.EXE when executing a program?

For example, to execute NOTEPAD.EXE, WORDPAD.EXE, even ImageMagicks CONVERT.EXE, when called with EXEC() causes a CMD.EXE process to executed which then calls the program requested. It's not needed.

Please can we have a version of EXEC that does not use CMD.EXE?

It's not always needed and can cause major issues such as hanging sessions and hanging web services. A prime example are users of Gallery by http://gallery.menalto.com - many of their Windows users have this issue which is why they do not "officially" support Windows when it should work.

Thanks,
Taomyn

Reproduce code:
---------------
Call any Windows program with EXEC() and you get a CMD.EXE process that then calls the requested program.

E.g. exec("c:\\winnt\\notepad.exe",$result,$status);


Expected result:
----------------
Only NOTEPAD.EXE should appear.

Actual result:
--------------
"CMD.EXE /C NOTEPAD.EXE" and "NOTEPAD.EXE" appears in the process list

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-12-09 16:50 UTC] wez@php.net 
Because we use it as the shell to launch not only external processes, but built-in commands such as dir that are not found in separate binaries.

I can see the use, but can't see how to implement it without breaking backwards compatibility.
 [2003-12-10 03:13 UTC] taomyn at hotmail dot com 
Perhaps you could create a new function, or even add an extra optional boolean parameter to EXEC() that would when "true" would not use CMD.EXE?

E.g.
$no_cmd = true;
EXEC("c:\\winnt\\notepad.exe", $result, $status, $no_cmd);

This wouldn't break old code?
 [2015-01-01 16:51 UTC] tyrael@php.net
-Package: Feature/Change Request +Package: *General Issues -Operating System: Windows 2000 and IIS 5 +Operating System: Windows -PHP Version: 4.3.4 +PHP Version: 7.0
 [2015-01-01 16:51 UTC] tyrael@php.net 
we already have bypass_shell for proc_open, we could do something similar for exec (or just document this better and advise people on windows to use proc_open if they don't want the additional cmd.exe to be executed).
 [2015-06-13 06:54 UTC] kalle@php.net
-Status: Open +Status: Analyzed -PHP Version: 7.0 +PHP Version: *
 [2015-06-13 06:54 UTC] kalle@php.net 
Changing this to any version, as the BC break should be low enough to be allowed to be introduced in a x.z release
 [2016-11-18 22:21 UTC] kalle@php.net
-Type: Feature/Change Request +Type: Documentation Problem
 [2016-11-18 22:21 UTC] kalle@php.net 
Thinking about this more, I think like Ferenc said, we should document this better and point to the bypass_shell open for proc_open() to keep BC. Adapting to proc_open() from exec() should be really straight forward.

Reclassifying the report to be a documentation type.
 [2017-04-04 09:00 UTC] peehaa@php.net
-Package: *General Issues +Package: Documentation problem -Assigned To: +Assigned To: peehaa
 [2017-04-04 09:01 UTC] peehaa@php.net
-Status: Analyzed +Status: Closed
 [2017-04-04 09:01 UTC] peehaa@php.net 
This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation better.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Mar 28 22:01:29 2025 UTC