-1

I'm running a process using Laravel which relies on Symfony Process component as follow.

$process= new Process(['binary', $param1, $param2]);
$process->setTimeout(3600);
$process->run();

It works fine excepted when a parameter contains special characters which are interpreted by the shell.

When I run my process directly in shell I have the exact same issue.

If I escape parameters by surrounding them with simple quotes it works well.

So it seems that the issue comes from how the Process component escapes parameters.

Since Symfony 5, the Process component doesn't accept strings as constructor parameter anymore

So I can't escape parameters as follow

new Process("binary '".$param1."' '".$param2."'");

From my opinion, the Process component should escape parameters correctly but it's obviously not the case.

Does anybody knows why special characters are not correctly escaped ? How could I surround both username and password with simple quotes ?

Arkaik
  • 852
  • 2
  • 19
  • 39
  • Use backslash to escape any special character e.g `'\?'`? – Cyclonecode May 17 '21 at 15:05
  • Are you trying to execute the command `binary username password`? – IGP May 17 '21 at 20:02
  • @Clyclonecode I should have precised that I'm planning to use variables instead off raw string. Question is updated – Arkaik May 24 '21 at 14:04
  • @IGP Bad choice of strings during redaction, it's for the minimal exemple but I'm not planning to send plain text passwords on command line – Arkaik May 24 '21 at 14:06

1 Answers1

0

I achieved my goal by using Process::fromShellCommandline

I directly compose the command into a string and then pass the command with escaped parameters.

$command = "binary '".$param1."' '".$param2."'";
$process = Process::fromShellCommandline($command);
$process->setTimeout(3600);
$process->run();

Still don't know why special characters are not correctly escaped using a string array with new Process

Arkaik
  • 852
  • 2
  • 19
  • 39