Document proc_open Windows /s /c change in PHP 8.0.0 #5262

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

lacatoire wants to merge 1 commit into php:master from lacatoire:fix/proc-open-windows-cmd-flags

reference/exec/functions/proc-open.xml

-Original file line number
+Diff line change
@@ Expand Up / @@ -55,13 +55,14 @@ @@
             On <emphasis>Windows</emphasis>, unless <literal>bypass_shell</literal> is set to &true; in
             <parameter>options</parameter>, the <parameter>command</parameter> is
             passed to <command>cmd.exe</command> (actually, <literal>%ComSpec%</literal>)
-            with the <literal>/c</literal> flag as <emphasis>unquoted</emphasis> string
-            (i.e. exactly as has been given to <function>proc_open</function>).
-            This can cause <command>cmd.exe</command> to remove enclosing quotes from
-            <parameter>command</parameter> (for details see the <command>cmd.exe</command> documentation),
-            resulting in unexpected, and potentially even dangerous behavior, because
-            <command>cmd.exe</command> error messages may contain (parts of) the passed
-            <parameter>command</parameter> (see example below).
+            with the <literal>/s /c</literal> flags as
+            <command>%ComSpec% /s /c "$command"</command>, which has the same
+            effect as executing <parameter>command</parameter> directly (without
+            additional quotes).
+            Prior to PHP 8.0.0, the <literal>/c</literal> flag was used without
+            <literal>/s</literal>, which could cause <command>cmd.exe</command> to
+            remove enclosing quotes from <parameter>command</parameter>
+            (see example below).
            </simpara>
           </note>
           <para>
@@ Expand Down Expand Up / @@ -216,6 +217,16 @@ @@
             non-empty element.
            </entry>
           </row>
+          <row>
+           <entry>8.0.0</entry>
+           <entry>
+            On Windows, the string <parameter>command</parameter> is now
+            executed via <command>%ComSpec% /s /c "$command"</command> instead
+            of the previous <command>%ComSpec% /c $command</command>, which
+            has the same effect as executing <parameter>command</parameter>
+            directly.
+           </entry>
+          </row>
           <row>
            <entry>7.4.4</entry>
            <entry>
@@ Expand Down @@

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Document proc_open Windows /s /c change in PHP 8.0.0 #5262

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Document proc_open Windows /s /c change in PHP 8.0.0 #5262

Are you sure you want to change the base?

Uh oh!

Document proc_open Windows /s /c change in PHP 8.0.0 #5262

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing