php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #33664 Console window appears when using exec()
Submitted: 2005-07-12 16:44 UTC Modified: 2007-04-02 20:51 UTC
Votes:2
Avg. Score:4.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:2 (100.0%)
From: richard dot quadling at bandvulc dot co dot uk Assigned:
Status: Closed Package: Feature/Change Request
PHP Version: 5.2.2-dev OS: Windows
Private report: No CVE-ID:
 [2005-07-12 16:44 UTC] richard dot quadling at bandvulc dot co dot uk
Description:
------------
Hi.

I have a LOT of php scripts which are launched via Windows task scheduler. They are executed using php-win.exe.

Nothing wrong so far.

Some of the scripts run other programs (e.g. WinRAR, NSLookup).

When these programs are launched, a black window (the console window) appears.

This is REALLY bad. This takes focus away from what I am doing.

I'm using the php-win.exe which is supposed to NOT supply a console box.

Now.

Having looked at the source, I see that when an external application is called, it is invoked via the system command line interpreter. I've seen the various discussions about this and its security implications.

Personally, I'd rather the command shell was NOT loaded, but ...

The real issue for me is that the command shell is launched and creates a window.

I suggest the following changes to the PHP source.



/* $Id: tsrm_win32.c,v 1.26 2004/01/08 08:14:03 andi Exp $ */

Line 214

if (!CreateProcess(NULL, cmd, &security, &security, security.bInheritHandle, NORMAL_PRIORITY_CLASS, env, cwd, &startup, &process)) {

becomes

if (!CreateProcess(NULL, cmd, &security, &security, security.bInheritHandle, NORMAL_PRIORITY_CLASS | CREATE_NO_WINDOW, env, cwd, &startup, &process)) {




/* $Id: proc_open.c,v 1.35 2005/07/01 06:49:29 hyanantha Exp $ */

Line 748

newprocok = CreateProcess(NULL, command_with_cmd, &security, &security, TRUE, NORMAL_PRIORITY_CLASS, env.envp, cwd, &si, &pi);

becomes

newprocok = CreateProcess(NULL, command_with_cmd, &security, &security, TRUE, NORMAL_PRIORITY_CLASS | CREATE_NO_WINDOW, env.envp, cwd, &si, &pi);





static const char rcsid[] = "$Id: os_win32.c,v 1.6 2002/10/13 07:23:17 shane Exp $";

Line 1260 to 1269

    success = CreateProcess(execPath,	/* LPCSTR address of module name */
			NULL,           /* LPCSTR address of command line */
		        NULL,		/* Process security attributes */
			NULL,		/* Thread security attributes */
			TRUE,		/* Inheritable Handes inherited. */
			0,		/* DWORD creation flags  */
		    env,           /* Use parent environment block */
			NULL,		/* Address of current directory name */
			&StartupInfo,   /* Address of STARTUPINFO  */
			pInfo);	/* Address of PROCESS_INFORMATION   */

becomes

    success = CreateProcess(execPath,	/* LPCSTR address of module name */
			NULL,           /* LPCSTR address of command line */
		        NULL,		/* Process security attributes */
			NULL,		/* Thread security attributes */
			TRUE,		/* Inheritable Handes inherited. */
			NORMAL_PRIORITY_CLASS | CREATE_NO_WINDOW,		/* DWORD creation flags  */
		    env,           /* Use parent environment block */
			NULL,		/* Address of current directory name */
			&StartupInfo,   /* Address of STARTUPINFO  */
			pInfo);	/* Address of PROCESS_INFORMATION   */


Ideally, the CREATE_NO_WINDOW should only be added (or OR'd :-)) if the executable is not the normal php.exe (i.e. ISAPI, CGI, php-win.exe, etc).

Regards,

Richard Quadling.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-03-22 13:12 UTC] zynevich at jbaw dot iba dot by
Our customer runs PHP5.1.6. from XAMPP stack and when code simply call shell_exec block cmd window appear (they use browser and web server on the same machine -- light weight server application). When I recompiled PHP with proposed changes bug disappeared.
 [2007-03-22 15:43 UTC] richard dot quadling at bandvulc dot co dot uk
Patches for this...

Index: tsrm_win32.c
===================================================================
RCS file: /repository/TSRM/tsrm_win32.c,v
retrieving revision 1.31
diff -u -r1.31 tsrm_win32.c
--- tsrm_win32.c	20 Mar 2007 17:57:44 -0000	1.31
+++ tsrm_win32.c	22 Mar 2007 15:39:50 -0000
@@ -219,7 +219,7 @@
 
 	cmd = (char*)malloc(strlen(command)+strlen(TWG(comspec))+sizeof(" /c "));
 	sprintf(cmd, "%s /c %s", TWG(comspec), command);
-	if (!CreateProcess(NULL, cmd, &security, &security, security.bInheritHandle, NORMAL_PRIORITY_CLASS, env, cwd, &startup, &process)) {
+	if (!CreateProcess(NULL, cmd, &security, &security, security.bInheritHandle, NORMAL_PRIORITY_CLASS | CREATE_NO_WINDOW, env, cwd, &startup, &process)) {
 		return NULL;
 	}
 	free(cmd);



and


Index: proc_open.c
===================================================================
RCS file: /repository/php-src/ext/standard/proc_open.c,v
retrieving revision 1.54
diff -u -r1.54 proc_open.c
--- proc_open.c	24 Feb 2007 16:25:55 -0000	1.54
+++ proc_open.c	22 Mar 2007 15:39:17 -0000
@@ -738,11 +738,11 @@
 	}
 	
 	if (bypass_shell) {
-		newprocok = CreateProcess(NULL, command, &security, &security, TRUE, NORMAL_PRIORITY_CLASS, env.envp, cwd, &si, &pi);
+		newprocok = CreateProcess(NULL, command, &security, &security, TRUE, NORMAL_PRIORITY_CLASS | CREATE_NO_WINDOW, env.envp, cwd, &si, &pi);
 	} else {
 		spprintf(&command_with_cmd, 0, "%s /c %s", GetVersion() < 0x80000000 ? COMSPEC_NT : COMSPEC_9X, command);
 
-		newprocok = CreateProcess(NULL, command_with_cmd, &security, &security, TRUE, NORMAL_PRIORITY_CLASS, env.envp, cwd, &si, &pi);
+		newprocok = CreateProcess(NULL, command_with_cmd, &security, &security, TRUE, NORMAL_PRIORITY_CLASS | CREATE_NO_WINDOW, env.envp, cwd, &si, &pi);
 
 		efree(command_with_cmd);
 	}
 [2007-04-02 20:51 UTC] stas@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 16 10:02:09 2014 UTC