Bug #50271 Windows hard coding of CMD / COMMAND.COM rather than envvar(COMSPEC)
Submitted: 2009-11-23 13:15 UTC Modified: 2016-09-13 23:50 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:0 of 0 (0.0%)
From: RQuadling at GMail dot com Assigned: pajoye (profile)
Status: Closed Package: Program Execution
PHP Version: 5.3SVN-2009-11-23 (SVN) OS: win32 only - Windows XP SP3
Private report: No CVE-ID: None
 [2009-11-23 13:15 UTC] RQuadling at GMail dot com
Description:
------------
In http://lxr.php.net/source/TSRM/tsrm_win32.c#52, the shell to execute is hardcoded.

This should be retrieved via GetEnvironmentVariable('COMSPEC', ...);

As such, any program called cmd.exe (or command.com for older, and now unsupported by PHP, versions of Windows) in a directory accessible via the PATH _before_ the actual location of cmd.exe/command.com will be loaded for the shell.

The environment variable "COMSPEC" (now known as "ComSpec", but is case insensitive for Windows) by default includes the path.

Whilst this is not a serious bug, it does mean PHP conforms to other languages and applications that can invoke a console shell via COMSPEC, rather than using a hard-coded name.


Considering that PHP doesn't support older versions of Windows any longer, the whole test on GetVersion() is also redundant.






Patches

proc_open_COMSPEC.patch (last revision 2010-03-26 13:35 UTC by rquadling@php.net)
TSRM_Win32_COMSPEC.patch (last revision 2010-03-26 13:05 UTC by rquadling@php.net)
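
The lookup the report asks for, as an added example (not the code from either attached patch or from PHP's TSRM): use COMSPEC when it holds a full path, so that no PATH search for a bare `cmd.exe` takes place. The names `resolve_shell` and `resolve_shell_from_env`, the absolute-path check and the fallback to the system directory are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* True for a fully qualified Windows path such as C:\WINDOWS\system32\cmd.exe
 * or \\server\share\cmd.exe; a bare "cmd.exe" would be found by searching. */
static int is_absolute_win_path(const char *p)
{
    if (p == NULL) return 0;
    if (isalpha((unsigned char)p[0]) && p[1] == ':' && (p[2] == '\\' || p[2] == '/'))
        return 1;
    return p[0] == '\\' && p[1] == '\\' && p[2] != '\0';
}

/* Pick the shell image: COMSPEC when it is a full path, otherwise
 * <sysdir>\cmd.exe (this fallback is the example's assumption).
 * Returns 0 on success, -1 if nothing is usable or out is too small. */
int resolve_shell(const char *comspec, const char *sysdir, char *out, size_t outlen)
{
    int n;
    if (is_absolute_win_path(comspec))
        n = snprintf(out, outlen, "%s", comspec);
    else if (is_absolute_win_path(sysdir))
        n = snprintf(out, outlen, "%s\\cmd.exe", sysdir);
    else
        return -1;
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

#ifdef _WIN32
/* Windows wrapper: feed the real environment into resolve_shell(). */
int resolve_shell_from_env(char *out, size_t outlen)
{
    char comspec[MAX_PATH], sysdir[MAX_PATH];
    DWORD c = GetEnvironmentVariableA("COMSPEC", comspec, sizeof comspec);
    UINT  s = GetSystemDirectoryA(sysdir, sizeof sysdir);
    return resolve_shell((c > 0 && c < sizeof comspec) ? comspec : NULL,
                         (s > 0 && s < sizeof sysdir) ? sysdir : NULL,
                         out, outlen);
}
#endif
```

The resolved path is meant to be passed as the application name when the process is created, instead of a command line that starts with a bare `cmd.exe`.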

History

 [2009-11-23 13:31 UTC] jani@php.net
FYI: In the future when a bug is clearly Windows only, use OS prefix 'win32 only -' to preserve my sanity.
 [2010-03-26 14:05 UTC] rquadling@php.net
The following patch has been added/updated:

Patch Name: TSRM_Win32_COMSPEC.patch
Revision:   1269608726
URL:        http://bugs.php.net/patch-display.php?bug=50271&patch=TSRM_Win32_COMSPEC.patch&revision=1269608726
 [2010-03-26 14:35 UTC] rquadling@php.net
The following patch has been added/updated:

Patch Name: proc_open_COMSPEC.patch
Revision:   1269610539
URL:        http://bugs.php.net/patch-display.php?bug=50271&patch=proc_open_COMSPEC.patch&revision=1269610539
 [2010-06-20 20:22 UTC] pajoye@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: pajoye
 [2016-09-13 23:50 UTC] ab@php.net
-Status: Assigned +Status: Closed
 [2016-09-13 23:50 UTC] ab@php.net
This is fixed at least in PHP 7, didn't check earlier.

Thanks.
 
Last updated: Thu Mar 28 20:01:28 2024 UTC