PHP :: Bug #50271 :: Windows hard coding of CMD / COMMAND.COM rather than envvar(COMSPEC)

Bug #50271

Windows hard coding of CMD / COMMAND.COM rather than envvar(COMSPEC)

Submitted:

2009-11-23 13:15 UTC

Modified:

2016-09-13 23:50 UTC

Votes:	2
Avg. Score:	4.0 ± 1.0
Reproduced:	0 of 0 (0.0%)

From:

RQuadling at GMail dot com

Assigned:

pajoye (profile)

Status:

Closed

Package:

Program Execution

PHP Version:

5.3SVN-2009-11-23 (SVN)

OS:

win32 only - Windows XP SP3

Private report:

CVE-ID:

None

View Developer Edit

[2009-11-23 13:15 UTC] RQuadling at GMail dot com

Description:
------------
In http://lxr.php.net/source/TSRM/tsrm_win32.c#52, the shell to execute is hardcoded.

This should be retrieved via GetEnvironmentVariable('COMSPEC', ...);

As such, any program called cmd.exe (or command.com for older, and now unsupported by PHP, versions of windows) in a directory accessible via the PATH _before_ the actual location of cmd.exe/command.com will be loaded for the shell.

The environment variable "COMSPEC" (now known as "ComSpec", but is case insensitive for Windows) by default includes the path.

Whilst this is not a series bug, it does mean PHP conforms to other languages and applications that can invoke a console shell via COMSPEC, rather than using a hard-coded name.


Considering that PHP doesn't support older versions of windows any longer, the whole test on GetVersion() is also redundant.

Patches

proc_open_COMSPEC.patch (last revision 2010-03-26 13:35 UTC by rquadling@php.net)
TSRM_Win32_COMSPEC.patch (last revision 2010-03-26 13:05 UTC by rquadling@php.net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-11-23 13:31 UTC] jani@php.net

FYI: In the future when a bug is clearly windows only, use os prefix 'win32 only -' to preserve my sanity..

[2010-03-26 14:05 UTC] rquadling@php.net

The following patch has been added/updated:

Patch Name: TSRM_Win32_COMSPEC.patch
Revision:   1269608726
URL:        http://bugs.php.net/patch-display.php?bug=50271&patch=TSRM_Win32_COMSPEC.patch&revision=1269608726

[2010-03-26 14:35 UTC] rquadling@php.net

The following patch has been added/updated:

Patch Name: proc_open_COMSPEC.patch
Revision:   1269610539
URL:        http://bugs.php.net/patch-display.php?bug=50271&patch=proc_open_COMSPEC.patch&revision=1269610539

[2010-06-20 20:22 UTC] pajoye@php.net

-Status: Open +Status: Assigned -Assigned To: +Assigned To: pajoye

[2016-09-13 23:50 UTC] ab@php.net

-Status: Assigned +Status: Closed

[2016-09-13 23:50 UTC] ab@php.net

This is fixed at least in PHP 7, didn't check earlier.

Thanks.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 17:01:58 2024 UTC