--TEST--
GHSA-9fcc-425m-g385 - bypass CVE-2024-1874 - batch file variation
--SKIPIF--
<?php
// The behaviour under test (how proc_open launches a batch file whose name
// carries trailing dots/spaces) only exists on Windows.
if (strncmp(PHP_OS, "WIN", 3) !== 0) {
    die('skip Run only on Windows');
}

// The batch file starts PowerShell twice per case, so honour the
// slow-test opt-out used by the test runner.
if (getenv("SKIP_SLOW_TESTS")) {
    die("skip slow test");
}
?>
--FILE--
<?php

// Regression test for GHSA-9fcc-425m-g385 (a bypass of the CVE-2024-1874 fix).
// A batch file is launched through proc_open() under several spellings of its
// path that differ only in trailing dots and spaces. The second argument holds
// a double quote followed by "&"; the EXPECTF section requires it to come back
// as literal text, i.e. it must reach the script as data and never be treated
// as a command separator by the shell that runs the batch file.

$batch_file_path = __DIR__ . '/ghsa-9fcc-425m-g385_001.bat';

// The script prints its own invocation name (%0) and its first argument (%1),
// which lets the expected output show exactly what the child received.
$batch_file_content = <<<EOT
@echo off
powershell -Command "Write-Output '%0%'"
powershell -Command "Write-Output '%1%'"
EOT;

file_put_contents($batch_file_path, $batch_file_content);

// The child's stderr is routed to our stdout, so shell error messages
// ("... is not recognized ...") are part of the compared output.
$descriptorspec = [STDIN, STDOUT, STDOUT];

// Argument that must be passed through verbatim.
$untrusted_argument = "\"&notepad.exe";

// Path suffixes, in the order the expected output is written. According to
// EXPECTF the first and last of these end in "not recognized" and the rest
// run the script and echo the argument unchanged.
$trailing_variants = [
    ".",
    "  ",
    ".  ",
    ". ...  ",
    ". ... . ",
    ". ... . .",
];

foreach ($trailing_variants as $suffix) {
    $proc = proc_open([$batch_file_path . $suffix, $untrusted_argument], $descriptorspec, $pipes);
    proc_close($proc);
}

// Final variant embeds a ".\.." segment. EXPECTF shows CreateProcess failing
// with error code 2 here, so there is no process handle to close.
proc_open([$batch_file_path . ". .\\.. . .", $untrusted_argument], $descriptorspec, $pipes);

?>
--EXPECTF--
'"%sghsa-9fcc-425m-g385_001.bat."' is not recognized as an internal or external command,
operable program or batch file.
%sghsa-9fcc-425m-g385_001.bat
"&notepad.exe
%sghsa-9fcc-425m-g385_001.bat.
"&notepad.exe
%sghsa-9fcc-425m-g385_001.bat. ...
"&notepad.exe
%sghsa-9fcc-425m-g385_001.bat. ... .
"&notepad.exe
'"%sghsa-9fcc-425m-g385_001.bat. ... . ."' is not recognized as an internal or external command,
operable program or batch file.

Warning: proc_open(): CreateProcess failed, error code: 2 in %s on line %d
--CLEAN--
<?php
// Delete the batch file written by the FILE section. The @ keeps cleanup
// silent when the file is absent (for example when the test was skipped).
$leftover_batch_file = __DIR__ . '/ghsa-9fcc-425m-g385_001.bat';
@unlink($leftover_batch_file);
?>
57