Fix GH-10489: run-tests.php does not escape path when building cmd

Multiple tests had to be changed to escape the arguments in shell
commands. Some tests are skipped because they behave differently with
spaces in the path versus without. One notable example of this is the
hashbang test which does not work because spaces in hashbangs paths are
not supported in Linux.

Author: nielsdos

Zend/tests/bug40236.phpt

@@ -6,8 +6,8 @@ if (extension_loaded("readline")) die("skip Test doesn't support readline");
 ?>
 --FILE--
 <?php
-$php = getenv('TEST_PHP_EXECUTABLE');
-$cmd = "\"$php\" -n -d memory_limit=4M -a \"".__DIR__."\"/bug40236.inc";
+$php = escapeshellarg(getenv('TEST_PHP_EXECUTABLE'));
+$cmd = "$php -n -d memory_limit=4M -a \"".__DIR__."\"/bug40236.inc";
 echo `$cmd`;
 ?>
 --EXPECT--

Zend/tests/bug60978.phpt

@@ -3,7 +3,7 @@ Bug #60978 (exit code incorrect)
 --FILE--
 <?php
 $php = getenv('TEST_PHP_EXECUTABLE');
-exec($php . ' -n -r "exit(2);"', $output, $exit_code);
+exec(escapeshellarg($php) . ' -n -r "exit(2);"', $output, $exit_code);
 echo $exit_code;
 ?>
 --EXPECT--

ext/com_dotnet/tests/bug77578.phpt

@@ -6,7 +6,7 @@ com_dotnet
 <?php
 // To actually be able to verify the crash during shutdown on Windows, we have
 // to execute a PHP subprocess, and check its exit status.
-$php = PHP_BINARY;
+$php = escapeshellarg(PHP_BINARY);
 $ini = php_ini_loaded_file();
 $iniopt = $ini ? "-c $ini" : '';
 $command = "$php $iniopt -d extension=com_dotnet -d com.autoregister_typelib=1 -r \"new COM('WbemScripting.SWbemLocator');\"";

ext/mbstring/tests/gh7902.phpt

@@ -3,6 +3,7 @@ GH-7902 (mb_send_mail may delimit headers with LF only)
 --SKIPIF--
 <?php
 if (!extension_loaded("mbstring")) die("skip mbstring extension not available");
+if (str_contains(getcwd(), " ")) die("skip sendmail_path ini with spaces");
 ?>
 --INI--
 sendmail_path={MAIL:{PWD}/gh7902.eml}

ext/simplexml/tests/bug79971_1.phpt

@@ -3,6 +3,7 @@ Bug #79971 (special character is breaking the path in xml function)
 --SKIPIF--
 <?php
 if (!extension_loaded('simplexml')) die('skip simplexml extension not available');
+if (str_contains(getcwd(), ' ')) die('skip simplexml already escapes the path with spaces so this test does not work');
 ?>
 --FILE--
 <?php

ext/standard/tests/directory/bug74589_utf8.phpt

@@ -18,6 +18,7 @@ internal_encoding=utf-8
 $item = "bug74589_新建文件夹"; // utf-8 string
 $dir = __DIR__ . DIRECTORY_SEPARATOR . $item;
 $test_file = $dir . DIRECTORY_SEPARATOR . "test.php";
+$test_file_escaped = escapeshellarg($test_file);
 
 mkdir($dir);
 
@@ -27,9 +28,9 @@ file_put_contents($test_file,
     var_dump(__FILE__);
     var_dump(__DIR__ === __DIR__);");
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = escapeshellarg(getenv('TEST_PHP_EXECUTABLE'));
 
-echo shell_exec("$php -n $test_file");
+echo shell_exec("$php -n $test_file_escaped");
 
 ?>
 --EXPECTF--

ext/standard/tests/file/bug22414.phpt

@@ -6,22 +6,21 @@ output_handler=
 <?php
 
     $php = getenv('TEST_PHP_EXECUTABLE');
+    $php_escaped = escapeshellarg($php);
     $tmpfile = tempnam(__DIR__, 'phpt');
     $args = ' -n ';
 
     /* Regular Data Test */
-    passthru($php . $args . ' -r " echo \"HELLO\"; "');
+    passthru($php_escaped . $args . ' -r " echo \"HELLO\"; "');
 
     echo "\n";
 
     /* Binary Data Test */
-
+    $cmd = $php_escaped . $args . ' -r ' . escapeshellarg("readfile(@getenv('TEST_PHP_EXECUTABLE'));");
     if (substr(PHP_OS, 0, 3) != 'WIN') {
-        $cmd = $php . $args . ' -r \"readfile(@getenv(\'\\\'\'TEST_PHP_EXECUTABLE\'\\\'\')); \"';
-        $cmd = $php . $args . ' -r \' passthru("'.$cmd.'"); \' > '.$tmpfile ;
+        $cmd = $php_escaped . $args . ' -r ' . escapeshellarg('passthru("'.$cmd.'");') . ' > '.escapeshellarg($tmpfile);
     } else {
-        $cmd = $php . $args . ' -r \"readfile(@getenv(\\\\\\"TEST_PHP_EXECUTABLE\\\\\\")); \"';
-        $cmd = $php . $args . ' -r " passthru(\''.$cmd.'\');" > '.$tmpfile ;
+        $cmd = $php_escaped . $args . ' -r ' . "\"passthru('".addslashes($cmd)."');\"" . ' > '.escapeshellarg($tmpfile);
     }
     exec($cmd);
 

ext/standard/tests/file/bug26615.phpt

@@ -7,9 +7,9 @@ variables_order=E
 $out = array();
 $status = -1;
 if (substr(PHP_OS, 0, 3) != 'WIN') {
-    exec($_ENV['TEST_PHP_EXECUTABLE'].' -n -r \'for($i=1;$i<=5000;$i++) print "$i\n";\' | tr \'\n\' \' \'', $out, $status);
+    exec(escapeshellarg($_ENV['TEST_PHP_EXECUTABLE']).' -n -r \'for($i=1;$i<=5000;$i++) print "$i\n";\' | tr \'\n\' \' \'', $out, $status);
 } else {
-    exec($_ENV['TEST_PHP_EXECUTABLE'].' -n -r "for($i=1;$i<=5000;$i++) echo $i,\' \';"', $out, $status);
+    exec(escapeshellarg($_ENV['TEST_PHP_EXECUTABLE']).' -n -r "for($i=1;$i<=5000;$i++) echo $i,\' \';"', $out, $status);
 }
 print_r($out);
 ?>

ext/standard/tests/file/bug26938.phpt

@@ -4,7 +4,7 @@ Bug #26938 (exec does not read consecutive long lines correctly)
 <?php
 $out = array();
 $status = -1;
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = escapeshellarg(getenv('TEST_PHP_EXECUTABLE'));
 if (substr(PHP_OS, 0, 3) != 'WIN') {
     exec($php . ' -n -r \''
          . '$lengths = array(10,20000,10000,5,10000,3);'

ext/standard/tests/file/mkdir-002.phpt

@@ -24,7 +24,8 @@ var_dump(rmdir("./mkdir-002"));
 var_dump(mkdir(__DIR__."/mkdir-002", 0777));
 var_dump(mkdir(__DIR__."/mkdir-002/subdir", 0777));
 $dirname = __DIR__."/mkdir-002";
-var_dump(`ls -l $dirname`);
+$dirname_escaped = escapeshellarg($dirname);
+var_dump(`ls -l $dirname_escaped`);
 var_dump(rmdir(__DIR__."/mkdir-002/subdir"));
 var_dump(rmdir(__DIR__."/mkdir-002"));
 

ext/standard/tests/file/popen_pclose_basic.phpt

@@ -16,15 +16,16 @@ echo "-- Testing popen(): reading from the pipe --\n";
 $dirpath = $file_path."/popen_basic";
 mkdir($dirpath);
 touch($dirpath."/popen_basic.tmp");
-define('CMD', "ls $dirpath");
+define('CMD', "ls " . escapeshellarg($dirpath));
 $file_handle = popen(CMD, 'r');
 fpassthru($file_handle);
 pclose($file_handle);
 
 echo "-- Testing popen(): reading from a file using 'cat' command --\n";
 create_files($dirpath, 1, "text_with_new_line", 0755, 100, "w", "popen_basic", 1, "bytes");
 $filename = $dirpath."/popen_basic1.tmp";
-$command = "cat $filename";
+$filename_escaped = escapeshellarg($filename);
+$command = "cat $filename_escaped";
 $file_handle = popen($command, "r");
 $return_value =  fpassthru($file_handle);
 echo "\n";

ext/standard/tests/file/proc_open01.phpt

@@ -4,7 +4,7 @@ proc_open() regression test 1 (proc_open() leak)
 <?php
 $pipes = array(1, 2, 3);
 $orig_pipes = $pipes;
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = escapeshellarg(getenv('TEST_PHP_EXECUTABLE'));
 if ($php === false) {
     die("no php executable defined");
 }

ext/standard/tests/file/windows_mb_path/bug75063_cp1251.phpt

@@ -49,7 +49,7 @@ CODE;
 $code_fn = "code.php";
 file_put_contents($code_fn, $code);
 
-print(shell_exec(getenv('TEST_PHP_EXECUTABLE') . " -n -d default_charset=cp1251 -f code.php"));
+print(shell_exec(escapeshellarg(getenv('TEST_PHP_EXECUTABLE')) . " -n -d default_charset=cp1251 -f code.php"));
 
 chdir($old_cwd);
 

ext/standard/tests/file/windows_mb_path/bug75063_utf8.phpt

@@ -47,7 +47,7 @@ CODE;
 $code_fn = "code.php";
 file_put_contents($code_fn, $code);
 
-print(shell_exec(getenv('TEST_PHP_EXECUTABLE') . " -nf code.php"));
+print(shell_exec(escapeshellarg(getenv('TEST_PHP_EXECUTABLE')) . " -nf code.php"));
 
 chdir($old_cwd);
 

ext/standard/tests/general_functions/bug69646.phpt

@@ -24,7 +24,7 @@ SCRIPT;
 $script = __DIR__ . DIRECTORY_SEPARATOR . "arginfo.php";
 file_put_contents($script, $helper_script);
 
-$cmd =  PHP_BINARY . " " . $script . " "  . escapeshellarg($a) . " " . escapeshellarg($b);
+$cmd = escapeshellarg(PHP_BINARY) . " " . escapeshellarg($script) . " "  . escapeshellarg($a) . " " . escapeshellarg($b);
 
 system($cmd);
 

ext/standard/tests/general_functions/bug70018.phpt

@@ -5,9 +5,10 @@ Bug #70018 (exec does not strip all whitespace)
 $output = array();
 
 $test_fl = __DIR__ . DIRECTORY_SEPARATOR . md5(uniqid());
+$test_fl_escaped = escapeshellarg($test_fl);
 file_put_contents($test_fl, '<?php echo "abc\f\n \n";');
 
-exec(PHP_BINARY . " -n $test_fl", $output);
+exec(escapeshellarg(PHP_BINARY) . " -n $test_fl_escaped", $output);
 
 var_dump($output);
 

ext/standard/tests/general_functions/proc_open-mb0.phpt

@@ -7,9 +7,10 @@ if (!function_exists("proc_open")) echo "skip proc_open() is not available";
 --FILE--
 <?php
 
-$php = PHP_BINARY;
+$php = escapeshellarg(PHP_BINARY);
 
 $f = __DIR__ . DIRECTORY_SEPARATOR . "proc_only_mb0.php";
+$f_escaped = escapeshellarg($f);
 file_put_contents($f,'<?php var_dump($argv); ?>');
 
 $ds = array(
@@ -19,7 +20,7 @@ $ds = array(
         );
 
 $p = proc_open(
-        "$php -n $f テストマルチバイト・パス füße карамба",
+        "$php -n $f_escaped テストマルチバイト・パス füße карамба",
         $ds,
         $pipes,
         NULL,

ext/standard/tests/general_functions/proc_open-mb1.phpt

@@ -7,9 +7,10 @@ if (!function_exists("proc_open")) echo "skip proc_open() is not available";
 --FILE--
 <?php
 
-$php = PHP_BINARY;
+$php = escapeshellarg(PHP_BINARY);
 
 $f = __DIR__ . DIRECTORY_SEPARATOR . "proc_only_mb1.php";
+$f_escaped = escapeshellarg($f);
 file_put_contents($f,'<?php var_dump($argv); ?>');
 
 $ds = array(
@@ -19,7 +20,7 @@ $ds = array(
         );
 
 $p = proc_open(
-        "$php -n $f テストマルチバイト・パス füße карамба",
+        "$php -n $f_escaped テストマルチバイト・パス füße карамба",
         $ds,
         $pipes
         );

ext/standard/tests/general_functions/proc_open_pipes1.phpt

@@ -7,8 +7,8 @@ for ($i = 3; $i<= 30; $i++) {
     $spec[$i] = array('pipe', 'w');
 }
 
-$php = getenv("TEST_PHP_EXECUTABLE");
-$callee = __DIR__ . "/proc_open_pipes_sleep.inc";
+$php = escapeshellarg(getenv("TEST_PHP_EXECUTABLE"));
+$callee = escapeshellarg(__DIR__ . "/proc_open_pipes_sleep.inc");
 proc_open("$php -n $callee", $spec, $pipes);
 
 var_dump(count($spec));

ext/standard/tests/general_functions/proc_open_pipes2.phpt

@@ -5,8 +5,8 @@ proc_open() with no pipes
 
 $spec = array();
 
-$php = getenv("TEST_PHP_EXECUTABLE");
-$callee = __DIR__ . "/proc_open_pipes_sleep.inc";
+$php = escapeshellarg(getenv("TEST_PHP_EXECUTABLE"));
+$callee = escapeshellarg(__DIR__ . "/proc_open_pipes_sleep.inc");
 proc_open("$php -n $callee", $spec, $pipes);
 
 var_dump(count($spec));

ext/standard/tests/general_functions/proc_open_pipes3.phpt

@@ -7,25 +7,26 @@ for ($i = 3; $i<= 5; $i++) {
     $spec[$i] = array('pipe', 'w');
 }
 
-$php = getenv("TEST_PHP_EXECUTABLE");
+$php = escapeshellarg(getenv("TEST_PHP_EXECUTABLE"));
 $callee = __DIR__ . "/proc_open_pipes_sleep.inc";
+$callee_escaped = escapeshellarg($callee);
 
 $spec[$i] = array('pi');
-proc_open("$php -n $callee", $spec, $pipes);
+proc_open("$php -n $callee_escaped", $spec, $pipes);
 
 $spec[$i] = 1;
 try {
-    proc_open("$php -n $callee", $spec, $pipes);
+    proc_open("$php -n $callee_escaped", $spec, $pipes);
 } catch (ValueError $exception) {
     echo $exception->getMessage() . "\n";
 }
 
 $spec[$i] = array('pipe', "test");
-proc_open("$php -n $callee", $spec, $pipes);
+proc_open("$php -n $callee_escaped", $spec, $pipes);
 var_dump($pipes);
 
 $spec[$i] = array('file', "test", "z");
-proc_open("$php -n $callee", $spec, $pipes);
+proc_open("$php -n $callee_escaped", $spec, $pipes);
 var_dump($pipes);
 
 echo "END\n";

ext/standard/tests/misc/bug79410.phpt

@@ -3,7 +3,7 @@ Bug #79410 (system() swallows last chunk if it is exactly 4095 bytes without new
 --FILE--
 <?php
 ob_start();
-system(getenv('TEST_PHP_EXECUTABLE') . ' -n -r "echo str_repeat(\".\", 4095);"');
+system(escapeshellarg(getenv('TEST_PHP_EXECUTABLE')) . ' -n -r "echo str_repeat(\".\", 4095);"');
 var_dump(strlen(ob_get_clean()));
 ?>
 --EXPECT--

ext/standard/tests/streams/bug46024.phpt

@@ -12,7 +12,7 @@ if (getenv('SKIP_ASAN')) die("skip Test may leak");
 $php = realpath(getenv('TEST_PHP_EXECUTABLE'));
 $pipes = array();
 $proc = proc_open(
-    "$php -n -i"
+    escapeshellarg($php) . " -n -i"
     ,array(0 => array('pipe', 'r'), 1 => array('pipe', 'w'))
     ,$pipes, __DIR__, array(), array()
 );

ext/standard/tests/streams/bug70198.phpt

@@ -17,6 +17,7 @@ server
 
 $srv_addr = "tcp://127.0.0.1:8964";
 $srv_fl = __DIR__ . "/bug70198_svr_" . md5(uniqid()) . ".php";
+$srv_fl_escaped = escapeshellarg($srv_fl);
 $srv_fl_cont = <<<SRV
 <?php
 \$socket = stream_socket_server('$srv_addr', \$errno, \$errstr);
@@ -35,7 +36,7 @@ if (!\$socket) {
 SRV;
 file_put_contents($srv_fl, $srv_fl_cont);
 $dummy0 = $dummy1 = array();
-$srv_proc = proc_open(PHP_BINARY . " -n $srv_fl", $dummy0, $dummy1);
+$srv_proc = proc_open(escapeshellarg(PHP_BINARY) . " -n $srv_fl_escaped", $dummy0, $dummy1);
 
 $i = 0;
 /* wait a bit for the server startup */

ext/standard/tests/streams/bug78883.phpt

@@ -13,7 +13,7 @@ $descriptorspec = array(
    //2 => array("file", "stderr.txt", "ab")
 );
 $pipes = [];
-$cmd = 'cmd.exe "/c START ^"^" /WAIT ' . PHP_BINARY . ' -r ^"var_dump(fgets(STDIN));"';
+$cmd = 'cmd.exe "/c START ^"^" /WAIT ' . escapeshellarg(PHP_BINARY) . ' -r ^"var_dump(fgets(STDIN));"';
 $proc = proc_open($cmd, $descriptorspec, $pipes);
 var_dump(is_resource($proc));
 $pid = proc_get_status($proc)['pid'];

ext/standard/tests/streams/proc_open_bug51800_right.phpt

@@ -9,8 +9,8 @@ if (strpos(PHP_OS, 'FreeBSD') !== false) {
 --FILE--
 <?php
 $callee = __DIR__ . "/process_proc_open_bug51800_right.php";
-$php = PHP_BINARY;
-$cmd = "$php -n $callee";
+$php = escapeshellarg(PHP_BINARY);
+$cmd = "$php -n " . escapeshellarg($callee);
 
 $status;
 $stdout = "";

ext/standard/tests/streams/proc_open_bug51800_right2.phpt

@@ -3,8 +3,8 @@ Bug #51800 proc_open on Windows hangs forever, the right way to do it with more
 --FILE--
 <?php
 $callee = __DIR__ . "/process_proc_open_bug51800_right2.php";
-$php = PHP_BINARY;
-$cmd = "$php -n $callee";
+$php = escapeshellarg(PHP_BINARY);
+$cmd = "$php -n " . escapeshellarg($callee);
 
 $status;
 $stdout = "";

ext/standard/tests/streams/proc_open_bug60120.phpt

@@ -19,7 +19,7 @@ if (\$input) {
 TMPFILE
 );
 
-$command = sprintf("%s -n %s", PHP_BINARY, $file);
+$command = sprintf("%s -n %s", escapeshellarg(PHP_BINARY), escapeshellarg($file));
 
 $process = proc_open(
     $command,

ext/standard/tests/streams/proc_open_bug64438.phpt

@@ -6,9 +6,9 @@ Bug #64438 proc_open hangs with stdin/out with 4097+ bytes
 error_reporting(E_ALL);
 
 if (substr(PHP_OS, 0, 3) == 'WIN') {
-    $cmd = PHP_BINARY . ' -n -r "fwrite(STDOUT, $in = file_get_contents(\'php://stdin\')); fwrite(STDERR, $in);"';
+    $cmd = escapeshellarg(PHP_BINARY) . ' -n -r "fwrite(STDOUT, $in = file_get_contents(\'php://stdin\')); fwrite(STDERR, $in);"';
 } else {
-    $cmd = PHP_BINARY . ' -n -r \'fwrite(STDOUT, $in = file_get_contents("php://stdin")); fwrite(STDERR, $in);\'';
+    $cmd = escapeshellarg(PHP_BINARY) . ' -n -r \'fwrite(STDOUT, $in = file_get_contents("php://stdin")); fwrite(STDERR, $in);\'';
 }
 $descriptors = array(array('pipe', 'r'), array('pipe', 'w'), array('pipe', 'w'));
 $stdin = str_repeat('*', 4097);

ext/standard/tests/streams/proc_open_bug69900.phpt

@@ -23,7 +23,7 @@ file_put_contents($fl, $test_content);
 $descriptorspec = array(0 => array("pipe", "r"),1 => array("pipe", "w"));
 $pipes = array();
 
-$process = proc_open(PHP_BINARY.' -n -f ' . $fl, $descriptorspec, $pipes, NULL, NULL, array("blocking_pipes" => true));
+$process = proc_open(escapeshellarg(PHP_BINARY).' -n -f ' . escapeshellarg($fl), $descriptorspec, $pipes, NULL, NULL, array("blocking_pipes" => true));
 
 $moreThanLimit = 0;
 for($i = 0; $i < 10; $i++){