--TEST--
GHSA-9fcc-425m-g385 - bypass CVE-2024-1874 - batch file variation
--SKIPIF--
<?php
// Skip conditions: this test needs Windows, cmd.exe's English error text,
// and is treated as a slow test.

// PHP_OS starts with "WIN" on Windows builds; skip everywhere else.
$os_prefix = substr(PHP_OS, 0, 3);
if ($os_prefix != "WIN") {
  die('skip Run only on Windows');
}

// The expected output matches cmd.exe's English "is not recognized ..."
// message, so probe for it by running a command name that should not exist.
$probe_output = shell_exec("does_not_exist.exe 2>&1");
$has_english_message = str_contains($probe_output, "is not recognized as an internal or external command");
if (!$has_english_message) {
  die("skip English locale required");
}

// Honour the SKIP_SLOW_TESTS environment variable.
$skip_slow = getenv("SKIP_SLOW_TESTS");
if ($skip_slow) {
  die("skip slow test");
}
?>
--FILE--
<?php

// Regression test for GHSA-9fcc-425m-g385 (bypass of the CVE-2024-1874 fix).
// proc_open() is called in array form with a program name made of a real
// batch file path plus trailing dots and/or spaces, and with one argument
// that contains a double quote followed by "&". The EXPECTF section requires
// that argument to come back as literal text through %1 whenever the batch
// file runs, i.e. it must not be interpreted by cmd.exe as a second command.
// NOTE(review): presumably Windows drops some trailing dot/space sequences
// when resolving the file, so the name handed to proc_open() does not
// literally end in ".bat" - confirm against the advisory text.

$batch_file_path = __DIR__ . '/ghsa-9fcc-425m-g385_001.bat';

// The batch file echoes %0 (how it was invoked) and %1 (its first argument)
// so the test output shows exactly what reached the script.
$batch_file_content = <<<EOT
@echo off
powershell -Command "Write-Output '%0%'"
powershell -Command "Write-Output '%1%'"
EOT;

file_put_contents($batch_file_path, $batch_file_content);

// The child inherits the test's stdin/stdout; stderr is sent to stdout so
// error text appears in the captured output in order.
$descriptorspec = [STDIN, STDOUT, STDOUT];

// Argument carrying cmd.exe metacharacters; it must survive as plain data.
$metachar_argument = "\"&notepad.exe";

// Suffix variations for which proc_open() returns a process handle. Per
// EXPECTF, the first and last are reported by cmd.exe as "not recognized",
// while the four in between run the batch file and echo the argument.
$suffixes_with_handle = [
    ".",
    "  ",
    ".  ",
    ". ...  ",
    ". ... . ",
    ". ... . .",
];

foreach ($suffixes_with_handle as $suffix) {
    $proc = proc_open([$batch_file_path . $suffix, $metachar_argument], $descriptorspec, $pipes);
    proc_close($proc);
}

// Final variation includes a "\.." path component. EXPECTF expects a
// "CreateProcess failed" warning here, so there is no handle to close.
proc_open([$batch_file_path . ". .\\.. . .", $metachar_argument], $descriptorspec, $pipes);

?>
--EXPECTF--
'"%sghsa-9fcc-425m-g385_001.bat."' is not recognized as an internal or external command,
operable program or batch file.
%sghsa-9fcc-425m-g385_001.bat
"&notepad.exe
%sghsa-9fcc-425m-g385_001.bat.
"&notepad.exe
%sghsa-9fcc-425m-g385_001.bat. ...
"&notepad.exe
%sghsa-9fcc-425m-g385_001.bat. ... .
"&notepad.exe
'"%sghsa-9fcc-425m-g385_001.bat. ... . ."' is not recognized as an internal or external command,
operable program or batch file.

Warning: proc_open(): CreateProcess failed: The system cannot find the file specified in %s on line %d
--CLEAN--
<?php
// Remove the batch file created by the FILE section. The @ operator hides
// the warning unlink() would raise if the file is already gone.
$leftover_batch_file = __DIR__ . '/ghsa-9fcc-425m-g385_001.bat';
@unlink($leftover_batch_file);
?>