1--TEST-- 2Harden against cmd.exe hijacking 3--CONFLICTS-- 4all 5--SKIPIF-- 6<?php 7if (PHP_OS_FAMILY !== "Windows") die("skip only for Windows"); 8?> 9--FILE-- 10<?php 11copy(__DIR__ . "/../helpers/bad_cmd.exe", "cmd.exe"); 12$spec = [["pipe", "r"], ["pipe", "w"], ["pipe", "w"]]; 13var_dump($proc = proc_open("@echo hello", $spec, $pipes, null)); 14$read = [$pipes[1], $pipes[2]]; 15$write = $except = null; 16if (($num = stream_select($read, $write, $except, 1000)) === false) { 17 echo "stream_select() failed\n"; 18} elseif ($num > 0) { 19 foreach ($read as $stream) { 20 fpassthru($stream); 21 } 22} 23@unlink("cmd.exe"); 24?> 25--EXPECTF-- 26resource(%d) of type (process) 27hello 28--CLEAN-- 29<?php 30@unlink("cmd.exe"); 31?> 32
