Skip to content

run-tests.php does not escape path when building cmd #10489

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
mvorisek opened this issue Feb 2, 2023 · 6 comments · Fixed by #10560
Closed

run-tests.php does not escape path when building cmd #10489

mvorisek opened this issue Feb 2, 2023 · 6 comments · Fixed by #10560
Labels
Bug Status: Needs Triage

Comments

@mvorisek
Copy link
Contributor

mvorisek commented Feb 2, 2023

Description

https://github.com/php/php-src/blob/php-8.2.2/run-tests.php#L2397

the $php variable is set like: https://github.com/php/php-src/blob/php-8.2.2/run-tests.php#L518

and when it is used to build a full cmd string, it must be escaped, currently when the path contains spaces, the testing fails, especially on Windows, where the path is very often in format like: C:\Program Files\PHP\php.exe

PHP Version

any

Operating System

any
@mvorisek mvorisek changed the title run-tests.php does not escape path run-tests.php does not escape path when building cmd Feb 2, 2023
@nielsdos
Copy link
Member

nielsdos commented Feb 8, 2023

Seems like we can use escapeshellarg to solve this issue I think. But we have to be careful about these lines tho:

php-src/run-tests.php

Line 1873 in b20c0e9

$php = $php_cgi . ' -C ';
&

php-src/run-tests.php

Line 1884 in b20c0e9

$php = $phpdbg . ' -qIb';
. So we only must do it on the paths, and not blindly on the $php variable.

@nielsdos
Copy link
Member

nielsdos commented Feb 9, 2023

I tried this, and it mostly works. But I ran into the following issue:
Some tests (for example sapi/cli/tests/021.phpt) use a hashbang line to invoke PHP from the CLI. The problem here is that it is not possible to escape a path in the hashbang line, so those tests will fail. The only workaround I found is to use a symlink and then override the TEST_PHP_EXECUTABLE environment variable (& friends) in order to use the symlink. But I'm not so sure if the maintainers will like this solution... Another idea might be to simply skip those problematic tests.

@mvorisek
Copy link
Contributor Author

mvorisek commented Feb 9, 2023

isn't shebang ignored when a script is run like php xxx.php?

@nielsdos
Copy link
Member

nielsdos commented Feb 9, 2023

isn't shebang ignored when a script is run like php xxx.php?

Yes, but I'm pretty sure that test does want to test how the hashbang interacts with PHP.

@mvorisek
Copy link
Contributor Author

mvorisek commented Feb 9, 2023

based on conda/conda#186 we can probably skip the test if TEST_PHP_EXECUTABLE (in https://github.com/php/php-src/blob/master/sapi/cli/tests/021.phpt#L17) contain space

@nielsdos
Copy link
Member

nielsdos commented Feb 9, 2023

Yeah I was thinking that as well, sounds reasonable. I'll try that shortly (currently working on another issue report).

nielsdos added a commit to nielsdos/php-src that referenced this issue Feb 10, 2023
@nielsdos
Fix phpGH-10489: run-tests.php does not escape path when building cmd
8c242c3 
Multiple tests had to be changed to escape the arguments in shell
commands. Some tests are skipped because they behave differently with
spaces in the path versus without. One notable example of this is the
hashbang test which does not work because spaces in hashbangs paths are
not supported in Linux.
nielsdos added a commit to nielsdos/php-src that referenced this issue Feb 10, 2023
@nielsdos
Fix phpGH-10489: run-tests.php does not escape path when building cmd
4c32825 
Multiple tests had to be changed to escape the arguments in shell
commands. Some tests are skipped because they behave differently with
spaces in the path versus without. One notable example of this is the
hashbang test which does not work because spaces in hashbangs paths are
not supported in Linux.
@nielsdos nielsdos mentioned this issue Feb 10, 2023
Merged
nielsdos added a commit to nielsdos/php-src that referenced this issue Feb 10, 2023
@nielsdos
Fix phpGH-10489: run-tests.php does not escape path when building cmd
3c944bf 
Multiple tests had to be changed to escape the arguments in shell
commands. Some tests are skipped because they behave differently with
spaces in the path versus without. One notable example of this is the
hashbang test which does not work because spaces in hashbangs paths are
not supported in Linux.
nielsdos added a commit to nielsdos/php-src that referenced this issue Feb 10, 2023
@nielsdos
Fix phpGH-10489: run-tests.php does not escape path when building cmd
e4c3524 
Multiple tests had to be changed to escape the arguments in shell
commands. Some tests are skipped because they behave differently with
spaces in the path versus without. One notable example of this is the
hashbang test which does not work because spaces in hashbangs paths are
not supported in Linux.
nielsdos added a commit to nielsdos/php-src that referenced this issue Feb 10, 2023
@nielsdos
Fix phpGH-10489: run-tests.php does not escape path when building cmd
2d63a4c 
Multiple tests had to be changed to escape the arguments in shell
commands. Some tests are skipped because they behave differently with
spaces in the path versus without. One notable example of this is the
hashbang test which does not work because spaces in hashbangs paths are
not supported in Linux.
nielsdos added a commit to nielsdos/php-src that referenced this issue Feb 10, 2023
@nielsdos
Fix phpGH-10489: run-tests.php does not escape path when building cmd
7a0635a 
Multiple tests had to be changed to escape the arguments in shell
commands. Some tests are skipped because they behave differently with
spaces in the path versus without. One notable example of this is the
hashbang test which does not work because spaces in hashbangs paths are
not supported in Linux.
nielsdos added a commit to nielsdos/php-src that referenced this issue Feb 11, 2023
@nielsdos
Fix phpGH-10489: run-tests.php does not escape path when building cmd
8cd9090 
Multiple tests had to be changed to escape the arguments in shell
commands. Some tests are skipped because they behave differently with
spaces in the path versus without. One notable example of this is the
hashbang test which does not work because spaces in hashbangs paths are
not supported in Linux.
nielsdos added a commit to nielsdos/php-src that referenced this issue Feb 13, 2023
@nielsdos
Fix phpGH-10489: run-tests.php does not escape path when building cmd
d77cb70 
Multiple tests had to be changed to escape the arguments in shell
commands. Some tests are skipped because they behave differently with
spaces in the path versus without. One notable example of this is the
hashbang test which does not work because spaces in hashbangs paths are
not supported in Linux.
nielsdos added a commit to nielsdos/php-src that referenced this issue Feb 13, 2023
@nielsdos
Fix phpGH-10489: run-tests.php does not escape path when building cmd
cbc10c6 
Multiple tests had to be changed to escape the arguments in shell
commands. Some tests are skipped because they behave differently with
spaces in the path versus without. One notable example of this is the
hashbang test which does not work because spaces in hashbangs paths are
not supported in Linux.
nielsdos added a commit to nielsdos/php-src that referenced this issue Feb 15, 2023
@nielsdos
Fix phpGH-10489: run-tests.php does not escape path when building cmd
c25e501 
Multiple tests had to be changed to escape the arguments in shell
commands. Some tests are skipped because they behave differently with
spaces in the path versus without. One notable example of this is the
hashbang test which does not work because spaces in hashbangs paths are
not supported in Linux.
nielsdos added a commit to nielsdos/php-src that referenced this issue Feb 15, 2023
@nielsdos
Fix phpGH-10489: run-tests.php does not escape path when building cmd
8dae878 
Multiple tests had to be changed to escape the arguments in shell
commands. Some tests are skipped because they behave differently with
spaces in the path versus without. One notable example of this is the
hashbang test which does not work because spaces in hashbangs paths are
not supported in Linux.
nielsdos added a commit to nielsdos/php-src that referenced this issue Feb 23, 2023
@nielsdos
Fix phpGH-10489: run-tests.php does not escape path when building cmd
89de497 
Multiple tests had to be changed to escape the arguments in shell
commands. Some tests are skipped because they behave differently with
spaces in the path versus without. One notable example of this is the
hashbang test which does not work because spaces in hashbangs paths are
not supported in Linux.
nielsdos added a commit to nielsdos/php-src that referenced this issue Feb 25, 2023
@nielsdos
Fix phpGH-10489: run-tests.php does not escape path when building cmd
4a3a2d4 
Multiple tests had to be changed to escape the arguments in shell
commands. Some tests are skipped because they behave differently with
spaces in the path versus without. One notable example of this is the
hashbang test which does not work because spaces in hashbangs paths are
not supported in Linux.
Girgias pushed a commit that referenced this issue Feb 25, 2023
@nielsdos @mvorisek
Fix GH-10489: run-tests.php does not escape path when building cmd (#…
dcc3255 
…10560)

Multiple tests had to be changed to escape the arguments in shell
commands. Some tests are skipped because they behave differently with
spaces in the path versus without. One notable example of this is the
hashbang test which does not work because spaces in hashbangs paths are
not supported in Linux.

Co-authored-by: Michael Voříšek <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Status: Needs Triage
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix GH-10489: run-tests.php does not escape path when building cmd nielsdos/php-src
2 participants
@mvorisek @nielsdos