ID:               33664
 Comment by:       zynevich at jbaw dot iba dot by
 Reported By:      richard dot quadling at bandvulc dot co dot uk
 Status:           Open
 Bug Type:         Feature/Change Request
 Operating System: Windows
 PHP Version:      5.0.4
 New Comment:

Our customer runs PHP 5.1.6 from the XAMPP stack, and when code simply calls
shell_exec a black cmd window appears (they use the browser and web server on
the same machine -- a lightweight server application). When I recompiled
PHP with the proposed changes, the bug disappeared.


Previous Comments:
------------------------------------------------------------------------

[2005-07-12 16:44:36] richard dot quadling at bandvulc dot co dot uk

Description:
------------
Hi.

I have a LOT of php scripts which are launched via Windows task
scheduler. They are executed using php-win.exe.

Nothing wrong so far.

Some of the scripts run other programs (e.g. WinRAR, NSLookup).

When these programs are launched, a black window (the console window)
appears.

This is REALLY bad. This takes focus away from what I am doing.

I'm using the php-win.exe which is supposed to NOT supply a console
box.

Now.

Having looked at the source, I see that when an external application is
called, it is invoked via the system command line interpreter. I've seen
the various discussions about this and its security implications.

Personally, I'd rather the command shell was NOT loaded, but ...

The real issue for me is that the command shell is launched and creates
a window.

I suggest the following changes to the PHP source.



/* $Id: tsrm_win32.c,v 1.26 2004/01/08 08:14:03 andi Exp $ */

Line 214

if (!CreateProcess(NULL, cmd, &security, &security,
security.bInheritHandle, NORMAL_PRIORITY_CLASS, env, cwd, &startup,
&process)) {

becomes

if (!CreateProcess(NULL, cmd, &security, &security,
security.bInheritHandle, NORMAL_PRIORITY_CLASS | CREATE_NO_WINDOW, env,
cwd, &startup, &process)) {
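
Review bot: CREATE_NO_WINDOW is OR'd into the creation flags of this CreateProcess call unconditionally, so it also applies when the caller is the console php.exe, where a child normally shares the parent's console. The report itself says the flag should only be added for the non-console executables (ISAPI, CGI, php-win.exe); gate it on the running SAPI rather than hard-coding it, and put a short comment next to the flag saying why it is there.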




/* $Id: proc_open.c,v 1.35 2005/07/01 06:49:29 hyanantha Exp $ */

Line 748

newprocok = CreateProcess(NULL, command_with_cmd, &security, &security,
TRUE, NORMAL_PRIORITY_CLASS, env.envp, cwd, &si, &pi);

becomes

newprocok = CreateProcess(NULL, command_with_cmd, &security, &security,
TRUE, NORMAL_PRIORITY_CLASS | CREATE_NO_WINDOW, env.envp, cwd, &si,
&pi);
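
Review bot: missing documentation for the new flag on this CreateProcess call: the command line is still command_with_cmd, so the command keeps going through the command interpreter and only its window is hidden. The concern in the report about loading the shell at all is unchanged by this line, and a comment should say so. With no window, a child that prompts on the console instead of using the supplied descriptors has nowhere visible to do it, which is worth a sentence in the proc_open documentation.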





static const char rcsid[] = "$Id: os_win32.c,v 1.6 2002/10/13 07:23:17 shane Exp $";

Line 1260 to 1269

    success = CreateProcess(execPath,   /* LPCSTR address of module name
*/
                        NULL,           /* LPCSTR address of command line */
                        NULL,           /* Process security attributes */
                        NULL,           /* Thread security attributes */
                        TRUE,           /* Inheritable Handes inherited. */
                        0,              /* DWORD creation flags  */
                    env,           /* Use parent environment block */
                        NULL,           /* Address of current directory name */
                        &StartupInfo,   /* Address of STARTUPINFO  */
                        pInfo); /* Address of PROCESS_INFORMATION   */

becomes

    success = CreateProcess(execPath,   /* LPCSTR address of module name
*/
                        NULL,           /* LPCSTR address of command line */
                        NULL,           /* Process security attributes */
                        NULL,           /* Thread security attributes */
                        TRUE,           /* Inheritable Handes inherited. */
                        NORMAL_PRIORITY_CLASS | CREATE_NO_WINDOW,               
/* DWORD creation flags 
*/
                    env,           /* Use parent environment block */
                        NULL,           /* Address of current directory name */
                        &StartupInfo,   /* Address of STARTUPINFO  */
                        pInfo); /* Address of PROCESS_INFORMATION   */
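
Review bot: NORMAL_PRIORITY_CLASS in the new creation flags is a behaviour change unrelated to hiding the window. The old value was 0, and with no priority class given a child started by an idle or below-normal priority process keeps that class; naming NORMAL_PRIORITY_CLASS forces normal priority. If only the window is meant to change, pass CREATE_NO_WINDOW alone on this call.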


Ideally, the CREATE_NO_WINDOW should only be added (or OR'd :-)) if the
executable is not the normal php.exe (i.e. ISAPI, CGI, php-win.exe,
etc).

Regards,

Richard Quadling.



------------------------------------------------------------------------

