Fix GH-10489: run-tests.php does not escape path when building cmd (#10560)

Multiple tests had to be changed to escape the arguments in shell
commands. Some tests are skipped because they behave differently with
spaces in the path versus without. One notable example of this is the
hashbang test which does not work because spaces in hashbangs paths are
not supported in Linux.

Co-authored-by: Michael Voříšek <mvorisek@mvorisek.cz>

Zend/tests/bug40236.phpt

@@ -6,8 +6,8 @@ if (extension_loaded("readline")) die("skip Test doesn't support readline");
 ?>
 --FILE--
 <?php
-$php = getenv('TEST_PHP_EXECUTABLE');
-$cmd = "\"$php\" -n -d memory_limit=4M -a \"".__DIR__."\"/bug40236.inc";
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
+$cmd = "$php -n -d memory_limit=4M -a \"".__DIR__."\"/bug40236.inc";
 echo `$cmd`;
 ?>
 --EXPECT--

Zend/tests/bug60978.phpt

@@ -2,8 +2,7 @@
 Bug #60978 (exit code incorrect)
 --FILE--
 <?php
-$php = getenv('TEST_PHP_EXECUTABLE');
-exec($php . ' -n -r "exit(2);"', $output, $exit_code);
+exec(getenv('TEST_PHP_EXECUTABLE_ESCAPED') . ' -n -r "exit(2);"', $output, $exit_code);
 echo $exit_code;
 ?>
 --EXPECT--

ext/com_dotnet/tests/bug77578.phpt

@@ -6,8 +6,8 @@ com_dotnet
 <?php
 // To actually be able to verify the crash during shutdown on Windows, we have
 // to execute a PHP subprocess, and check its exit status.
-$php = PHP_BINARY;
-$extension_dir = ini_get("extension_dir");
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
+$extension_dir = escapeshellarg(ini_get("extension_dir"));
 $script = <<<SCRIPT
 if (!extension_loaded('com_dotnet')) dl('com_dotnet');
 ini_set('com.autoregister_typelib', '1');

ext/mbstring/tests/gh7902.phpt

@@ -1,8 +1,10 @@
 --TEST--
 GH-7902 (mb_send_mail may delimit headers with LF only)
+--EXTENSIONS--
+mbstring
 --SKIPIF--
 <?php
-if (!extension_loaded("mbstring")) die("skip mbstring extension not available");
+if (str_contains(getcwd(), " ")) die("skip sendmail_path ini with spaces");
 ?>
 --INI--
 sendmail_path={MAIL:{PWD}/gh7902.eml}

ext/simplexml/tests/bug79971_1.phpt

@@ -1,8 +1,10 @@
 --TEST--
 Bug #79971 (special character is breaking the path in xml function)
+--EXTENSIONS--
+simplexml
 --SKIPIF--
 <?php
-if (!extension_loaded('simplexml')) die('skip simplexml extension not available');
+if (str_contains(getcwd(), ' ')) die('skip simplexml already escapes the path with spaces so this test does not work');
 ?>
 --FILE--
 <?php

ext/standard/tests/directory/bug74589_utf8.phpt

@@ -18,6 +18,7 @@ internal_encoding=utf-8
 $item = "bug74589_新建文件夹"; // utf-8 string
 $dir = __DIR__ . DIRECTORY_SEPARATOR . $item;
 $test_file = $dir . DIRECTORY_SEPARATOR . "test.php";
+$test_file_escaped = escapeshellarg($test_file);
 
 mkdir($dir);
 
@@ -27,9 +28,9 @@ file_put_contents($test_file,
     var_dump(__FILE__);
     var_dump(__DIR__ === __DIR__);");
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
-echo shell_exec("$php -n $test_file");
+echo shell_exec("$php -n $test_file_escaped");
 
 ?>
 --EXPECTF--

ext/standard/tests/file/bug22414.phpt

@@ -6,22 +6,21 @@ output_handler=
 <?php
 
     $php = getenv('TEST_PHP_EXECUTABLE');
+    $php_escaped = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
     $tmpfile = tempnam(__DIR__, 'phpt');
     $args = ' -n ';
 
     /* Regular Data Test */
-    passthru($php . $args . ' -r " echo \"HELLO\"; "');
+    passthru($php_escaped . $args . ' -r " echo \"HELLO\"; "');
 
     echo "\n";
 
     /* Binary Data Test */
-
+    $cmd = $php_escaped . $args . ' -r ' . escapeshellarg("readfile(@getenv('TEST_PHP_EXECUTABLE'));");
     if (substr(PHP_OS, 0, 3) != 'WIN') {
-        $cmd = $php . $args . ' -r \"readfile(@getenv(\'\\\'\'TEST_PHP_EXECUTABLE\'\\\'\')); \"';
-        $cmd = $php . $args . ' -r \' passthru("'.$cmd.'"); \' > '.$tmpfile ;
+        $cmd = $php_escaped . $args . ' -r ' . escapeshellarg('passthru("'.$cmd.'");') . ' > '.escapeshellarg($tmpfile);
     } else {
-        $cmd = $php . $args . ' -r \"readfile(@getenv(\\\\\\"TEST_PHP_EXECUTABLE\\\\\\")); \"';
-        $cmd = $php . $args . ' -r " passthru(\''.$cmd.'\');" > '.$tmpfile ;
+        $cmd = $php_escaped . $args . ' -r ' . "\"passthru('".addslashes($cmd)."');\"" . ' > '.escapeshellarg($tmpfile);
     }
     exec($cmd);
 

ext/standard/tests/file/bug26615.phpt

@@ -7,9 +7,9 @@ variables_order=E
 $out = array();
 $status = -1;
 if (substr(PHP_OS, 0, 3) != 'WIN') {
-    exec($_ENV['TEST_PHP_EXECUTABLE'].' -n -r \'for($i=1;$i<=5000;$i++) print "$i\n";\' | tr \'\n\' \' \'', $out, $status);
+    exec($_ENV['TEST_PHP_EXECUTABLE_ESCAPED'].' -n -r \'for($i=1;$i<=5000;$i++) print "$i\n";\' | tr \'\n\' \' \'', $out, $status);
 } else {
-    exec($_ENV['TEST_PHP_EXECUTABLE'].' -n -r "for($i=1;$i<=5000;$i++) echo $i,\' \';"', $out, $status);
+    exec($_ENV['TEST_PHP_EXECUTABLE_ESCAPED'].' -n -r "for($i=1;$i<=5000;$i++) echo $i,\' \';"', $out, $status);
 }
 print_r($out);
 ?>

ext/standard/tests/file/bug26938.phpt

@@ -4,7 +4,7 @@ Bug #26938 (exec does not read consecutive long lines correctly)
 <?php
 $out = array();
 $status = -1;
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 if (substr(PHP_OS, 0, 3) != 'WIN') {
     exec($php . ' -n -r \''
          . '$lengths = array(10,20000,10000,5,10000,3);'

ext/standard/tests/file/bug60120.phpt

@@ -2,7 +2,7 @@
 Bug #60120 (proc_open hangs when data in stdin/out/err is getting larger or equal to 2048)
 --SKIPIF--
 <?php
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 if (!$php) {
     die("skip No php executable defined\n");
 }
@@ -12,11 +12,8 @@ if (!$php) {
 
 error_reporting(E_ALL);
 
-$php = getenv('TEST_PHP_EXECUTABLE');
-if (!$php) {
-    die("No php executable defined\n");
-}
-$cmd = 'php -r "fwrite(STDOUT, $in = file_get_contents(\'php://stdin\')); fwrite(STDERR, $in);"';
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
+$cmd = $php . ' -r "fwrite(STDOUT, $in = file_get_contents(\'php://stdin\')); fwrite(STDERR, $in);"';
 $descriptors = array(array('pipe', 'r'), array('pipe', 'w'), array('pipe', 'w'));
 $stdin = str_repeat('*', 2049 );
 

ext/standard/tests/file/mkdir-002.phpt

@@ -24,7 +24,8 @@ var_dump(rmdir("./mkdir-002"));
 var_dump(mkdir(__DIR__."/mkdir-002", 0777));
 var_dump(mkdir(__DIR__."/mkdir-002/subdir", 0777));
 $dirname = __DIR__."/mkdir-002";
-var_dump(`ls -l $dirname`);
+$dirname_escaped = escapeshellarg($dirname);
+var_dump(`ls -l $dirname_escaped`);
 var_dump(rmdir(__DIR__."/mkdir-002/subdir"));
 var_dump(rmdir(__DIR__."/mkdir-002"));
 

ext/standard/tests/file/popen_pclose_basic.phpt

@@ -16,7 +16,7 @@ echo "-- Testing popen(): reading from the pipe --\n";
 $dirpath = $file_path."/popen_basic";
 mkdir($dirpath);
 touch($dirpath."/popen_basic.tmp");
-define('CMD', "ls $dirpath");
+define('CMD', "ls " . escapeshellarg($dirpath));
 $file_handle = popen(CMD, 'r');
 fpassthru($file_handle);
 pclose($file_handle);
@@ -24,7 +24,8 @@ pclose($file_handle);
 echo "-- Testing popen(): reading from a file using 'cat' command --\n";
 create_files($dirpath, 1, "text_with_new_line", 0755, 100, "w", "popen_basic", 1, "bytes");
 $filename = $dirpath."/popen_basic1.tmp";
-$command = "cat $filename";
+$filename_escaped = escapeshellarg($filename);
+$command = "cat $filename_escaped";
 $file_handle = popen($command, "r");
 $return_value =  fpassthru($file_handle);
 echo "\n";

ext/standard/tests/file/proc_open01.phpt

@@ -4,7 +4,7 @@ proc_open() regression test 1 (proc_open() leak)
 <?php
 $pipes = array(1, 2, 3);
 $orig_pipes = $pipes;
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 if ($php === false) {
     die("no php executable defined");
 }

ext/standard/tests/file/windows_mb_path/bug75063_cp1251.phpt

@@ -49,7 +49,7 @@ CODE;
 $code_fn = "code.php";
 file_put_contents($code_fn, $code);
 
-print(shell_exec(getenv('TEST_PHP_EXECUTABLE') . " -n -d default_charset=cp1251 -f code.php"));
+print(shell_exec(getenv('TEST_PHP_EXECUTABLE_ESCAPED') . " -n -d default_charset=cp1251 -f code.php"));
 
 chdir($old_cwd);
 

ext/standard/tests/file/windows_mb_path/bug75063_utf8.phpt

@@ -47,7 +47,7 @@ CODE;
 $code_fn = "code.php";
 file_put_contents($code_fn, $code);
 
-print(shell_exec(getenv('TEST_PHP_EXECUTABLE') . " -nf code.php"));
+print(shell_exec(getenv('TEST_PHP_EXECUTABLE_ESCAPED') . " -nf code.php"));
 
 chdir($old_cwd);
 

ext/standard/tests/general_functions/bug69646.phpt

@@ -24,7 +24,7 @@ SCRIPT;
 $script = __DIR__ . DIRECTORY_SEPARATOR . "arginfo.php";
 file_put_contents($script, $helper_script);
 
-$cmd =  PHP_BINARY . " " . $script . " "  . escapeshellarg($a) . " " . escapeshellarg($b);
+$cmd = getenv('TEST_PHP_EXECUTABLE_ESCAPED') . " " . escapeshellarg($script) . " "  . escapeshellarg($a) . " " . escapeshellarg($b);
 
 system($cmd);
 

ext/standard/tests/general_functions/bug70018.phpt

@@ -5,9 +5,10 @@ Bug #70018 (exec does not strip all whitespace)
 $output = array();
 
 $test_fl = __DIR__ . DIRECTORY_SEPARATOR . md5(uniqid());
+$test_fl_escaped = escapeshellarg($test_fl);
 file_put_contents($test_fl, '<?php echo "abc\f\n \n";');
 
-exec(PHP_BINARY . " -n $test_fl", $output);
+exec(getenv('TEST_PHP_EXECUTABLE_ESCAPED') . " -n $test_fl_escaped", $output);
 
 var_dump($output);
 

ext/standard/tests/general_functions/proc_open-mb0.phpt

@@ -7,9 +7,10 @@ if (!function_exists("proc_open")) echo "skip proc_open() is not available";
 --FILE--
 <?php
 
-$php = PHP_BINARY;
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 $f = __DIR__ . DIRECTORY_SEPARATOR . "proc_only_mb0.php";
+$f_escaped = escapeshellarg($f);
 file_put_contents($f,'<?php var_dump($argv); ?>');
 
 $ds = array(
@@ -19,7 +20,7 @@ $ds = array(
         );
 
 $p = proc_open(
-        "$php -n $f テストマルチバイト・パス füße карамба",
+        "$php -n $f_escaped テストマルチバイト・パス füße карамба",
         $ds,
         $pipes,
         NULL,

ext/standard/tests/general_functions/proc_open-mb1.phpt

@@ -7,9 +7,10 @@ if (!function_exists("proc_open")) echo "skip proc_open() is not available";
 --FILE--
 <?php
 
-$php = PHP_BINARY;
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 $f = __DIR__ . DIRECTORY_SEPARATOR . "proc_only_mb1.php";
+$f_escaped = escapeshellarg($f);
 file_put_contents($f,'<?php var_dump($argv); ?>');
 
 $ds = array(
@@ -19,7 +20,7 @@ $ds = array(
         );
 
 $p = proc_open(
-        "$php -n $f テストマルチバイト・パス füße карамба",
+        "$php -n $f_escaped テストマルチバイト・パス füße карамба",
         $ds,
         $pipes
         );

ext/standard/tests/general_functions/proc_open_pipes1.phpt

@@ -7,8 +7,8 @@ for ($i = 3; $i<= 30; $i++) {
     $spec[$i] = array('pipe', 'w');
 }
 
-$php = getenv("TEST_PHP_EXECUTABLE");
-$callee = __DIR__ . "/proc_open_pipes_sleep.inc";
+$php = getenv("TEST_PHP_EXECUTABLE_ESCAPED");
+$callee = escapeshellarg(__DIR__ . "/proc_open_pipes_sleep.inc");
 proc_open("$php -n $callee", $spec, $pipes);
 
 var_dump(count($spec));

ext/standard/tests/general_functions/proc_open_pipes2.phpt

@@ -5,8 +5,8 @@ proc_open() with no pipes
 
 $spec = array();
 
-$php = getenv("TEST_PHP_EXECUTABLE");
-$callee = __DIR__ . "/proc_open_pipes_sleep.inc";
+$php = getenv("TEST_PHP_EXECUTABLE_ESCAPED");
+$callee = escapeshellarg(__DIR__ . "/proc_open_pipes_sleep.inc");
 proc_open("$php -n $callee", $spec, $pipes);
 
 var_dump(count($spec));

ext/standard/tests/general_functions/proc_open_pipes3.phpt

@@ -7,25 +7,26 @@ for ($i = 3; $i<= 5; $i++) {
     $spec[$i] = array('pipe', 'w');
 }
 
-$php = getenv("TEST_PHP_EXECUTABLE");
+$php = getenv("TEST_PHP_EXECUTABLE_ESCAPED");
 $callee = __DIR__ . "/proc_open_pipes_sleep.inc";
+$callee_escaped = escapeshellarg($callee);
 
 $spec[$i] = array('pi');
-proc_open("$php -n $callee", $spec, $pipes);
+proc_open("$php -n $callee_escaped", $spec, $pipes);
 
 $spec[$i] = 1;
 try {
-    proc_open("$php -n $callee", $spec, $pipes);
+    proc_open("$php -n $callee_escaped", $spec, $pipes);
 } catch (ValueError $exception) {
     echo $exception->getMessage() . "\n";
 }
 
 $spec[$i] = array('pipe', "test");
-proc_open("$php -n $callee", $spec, $pipes);
+proc_open("$php -n $callee_escaped", $spec, $pipes);
 var_dump($pipes);
 
 $spec[$i] = array('file', "test", "z");
-proc_open("$php -n $callee", $spec, $pipes);
+proc_open("$php -n $callee_escaped", $spec, $pipes);
 var_dump($pipes);
 
 echo "END\n";

ext/standard/tests/ini_info/php_ini_loaded_file.phpt

@@ -3,14 +3,14 @@ php_ini_loaded_file() function
 --FILE--
 <?php
     $inifile = __DIR__.DIRECTORY_SEPARATOR.'loaded.ini';
-    $php = '"'.getenv('TEST_PHP_EXECUTABLE').'"';
+    $php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
     $code = '"var_dump(php_ini_loaded_file());"';
 
     // No ini file
     passthru($php.' -n -r '.$code);
 
     // Specified ini file
-    passthru($php.' -c "'.$inifile.'" -r '.$code);
+    passthru($php.' -c '.escapeshellarg($inifile).' -r '.$code);
 ?>
 --EXPECTREGEX--
 bool\(false\)

ext/standard/tests/ini_info/php_ini_scanned_files.phpt

@@ -3,7 +3,7 @@ php_ini_scanned_files() function
 --FILE--
 <?php
     $inifile = __DIR__.DIRECTORY_SEPARATOR.'loaded.ini';
-    $php = sprintf('"%s" -c "%s"', getenv('TEST_PHP_EXECUTABLE'), $inifile);
+    $php = sprintf('%s -c %s', getenv('TEST_PHP_EXECUTABLE_ESCAPED'), escapeshellarg($inifile));
     $scandir = __DIR__.DIRECTORY_SEPARATOR.'scandir';
 
     // Empty env value disables any config option

ext/standard/tests/misc/bug79410.phpt

@@ -3,7 +3,7 @@ Bug #79410 (system() swallows last chunk if it is exactly 4095 bytes without new
 --FILE--
 <?php
 ob_start();
-system(getenv('TEST_PHP_EXECUTABLE') . ' -n -r "echo str_repeat(\".\", 4095);"');
+system(getenv('TEST_PHP_EXECUTABLE_ESCAPED') . ' -n -r "echo str_repeat(\".\", 4095);"');
 var_dump(strlen(ob_get_clean()));
 ?>
 --EXPECT--

ext/standard/tests/streams/bug46024.phpt

@@ -2,17 +2,16 @@
 Bug #46024 stream_select() doesn't return the correct number
 --SKIPIF--
 <?php
-if (!getenv('TEST_PHP_EXECUTABLE')) die("skip TEST_PHP_EXECUTABLE not defined");
+if (!getenv('TEST_PHP_EXECUTABLE_ESCAPED')) die("skip TEST_PHP_EXECUTABLE_ESCAPED not defined");
 // Terminating the process may cause a bailout while writing out the phpinfo,
 // which may leak a temporary hash table. This does not seems worth fixing.
 if (getenv('SKIP_ASAN')) die("skip Test may leak");
 ?>
 --FILE--
 <?php
-$php = realpath(getenv('TEST_PHP_EXECUTABLE'));
 $pipes = array();
 $proc = proc_open(
-    "$php -n -i"
+    getenv('TEST_PHP_EXECUTABLE_ESCAPED') . " -n -i"
     ,array(0 => array('pipe', 'r'), 1 => array('pipe', 'w'))
     ,$pipes, __DIR__, array(), array()
 );

ext/standard/tests/streams/bug70198.phpt

@@ -17,6 +17,7 @@ server
 
 $srv_addr = "tcp://127.0.0.1:8964";
 $srv_fl = __DIR__ . "/bug70198_svr_" . md5(uniqid()) . ".php";
+$srv_fl_escaped = escapeshellarg($srv_fl);
 $srv_fl_cont = <<<SRV
 <?php
 \$socket = stream_socket_server('$srv_addr', \$errno, \$errstr);
@@ -35,7 +36,7 @@ if (!\$socket) {
 SRV;
 file_put_contents($srv_fl, $srv_fl_cont);
 $dummy0 = $dummy1 = array();
-$srv_proc = proc_open(PHP_BINARY . " -n $srv_fl", $dummy0, $dummy1);
+$srv_proc = proc_open(getenv('TEST_PHP_EXECUTABLE_ESCAPED') . " -n $srv_fl_escaped", $dummy0, $dummy1);
 
 $i = 0;
 /* wait a bit for the server startup */

ext/standard/tests/streams/bug78883.phpt

@@ -13,7 +13,7 @@ $descriptorspec = array(
    //2 => array("file", "stderr.txt", "ab")
 );
 $pipes = [];
-$cmd = 'cmd.exe "/c START ^"^" /WAIT ' . PHP_BINARY . ' -r ^"var_dump(fgets(STDIN));"';
+$cmd = 'cmd.exe "/c START ^"^" /WAIT ' . getenv('TEST_PHP_EXECUTABLE_ESCAPED') . ' -r ^"var_dump(fgets(STDIN));"';
 $proc = proc_open($cmd, $descriptorspec, $pipes);
 var_dump(is_resource($proc));
 $pid = proc_get_status($proc)['pid'];

ext/standard/tests/streams/proc_open_bug51800_right.phpt

@@ -9,8 +9,8 @@ if (strpos(PHP_OS, 'FreeBSD') !== false) {
 --FILE--
 <?php
 $callee = __DIR__ . "/process_proc_open_bug51800_right.php";
-$php = PHP_BINARY;
-$cmd = "$php -n $callee";
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
+$cmd = "$php -n " . escapeshellarg($callee);
 
 $status;
 $stdout = "";

ext/standard/tests/streams/proc_open_bug51800_right2.phpt

@@ -3,8 +3,8 @@ Bug #51800 proc_open on Windows hangs forever, the right way to do it with more
 --FILE--
 <?php
 $callee = __DIR__ . "/process_proc_open_bug51800_right2.php";
-$php = PHP_BINARY;
-$cmd = "$php -n $callee";
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
+$cmd = "$php -n " . escapeshellarg($callee);
 
 $status;
 $stdout = "";

ext/standard/tests/streams/proc_open_bug60120.phpt

@@ -19,7 +19,7 @@ if (\$input) {
 TMPFILE
 );
 
-$command = sprintf("%s -n %s", PHP_BINARY, $file);
+$command = sprintf("%s -n %s", getenv('TEST_PHP_EXECUTABLE_ESCAPED'), escapeshellarg($file));
 
 $process = proc_open(
     $command,

ext/standard/tests/streams/proc_open_bug64438.phpt

@@ -6,9 +6,9 @@ Bug #64438 proc_open hangs with stdin/out with 4097+ bytes
 error_reporting(E_ALL);
 
 if (substr(PHP_OS, 0, 3) == 'WIN') {
-    $cmd = PHP_BINARY . ' -n -r "fwrite(STDOUT, $in = file_get_contents(\'php://stdin\')); fwrite(STDERR, $in);"';
+    $cmd = getenv('TEST_PHP_EXECUTABLE_ESCAPED') . ' -n -r "fwrite(STDOUT, $in = file_get_contents(\'php://stdin\')); fwrite(STDERR, $in);"';
 } else {
-    $cmd = PHP_BINARY . ' -n -r \'fwrite(STDOUT, $in = file_get_contents("php://stdin")); fwrite(STDERR, $in);\'';
+    $cmd = getenv('TEST_PHP_EXECUTABLE_ESCAPED') . ' -n -r \'fwrite(STDOUT, $in = file_get_contents("php://stdin")); fwrite(STDERR, $in);\'';
 }
 $descriptors = array(array('pipe', 'r'), array('pipe', 'w'), array('pipe', 'w'));
 $stdin = str_repeat('*', 4097);

ext/standard/tests/streams/proc_open_bug69900.phpt

@@ -23,7 +23,7 @@ file_put_contents($fl, $test_content);
 $descriptorspec = array(0 => array("pipe", "r"),1 => array("pipe", "w"));
 $pipes = array();
 
-$process = proc_open(PHP_BINARY.' -n -f ' . $fl, $descriptorspec, $pipes, NULL, NULL, array("blocking_pipes" => true));
+$process = proc_open(getenv('TEST_PHP_EXECUTABLE_ESCAPED').' -n -f ' . escapeshellarg($fl), $descriptorspec, $pipes, NULL, NULL, array("blocking_pipes" => true));
 
 $moreThanLimit = 0;
 for($i = 0; $i < 10; $i++){

run-tests.php

@@ -678,10 +678,16 @@ function main(): void
 
     putenv("TEST_PHP_EXECUTABLE=$php");
     $environment['TEST_PHP_EXECUTABLE'] = $php;
+    putenv("TEST_PHP_EXECUTABLE_ESCAPED=" . escapeshellarg($php));
+    $environment['TEST_PHP_EXECUTABLE_ESCAPED'] = escapeshellarg($php);
     putenv("TEST_PHP_CGI_EXECUTABLE=$php_cgi");
     $environment['TEST_PHP_CGI_EXECUTABLE'] = $php_cgi;
+    putenv("TEST_PHP_CGI_EXECUTABLE_ESCAPED=" . escapeshellarg($php_cgi));
+    $environment['TEST_PHP_CGI_EXECUTABLE_ESCAPED'] = escapeshellarg($php_cgi);
     putenv("TEST_PHPDBG_EXECUTABLE=$phpdbg");
     $environment['TEST_PHPDBG_EXECUTABLE'] = $phpdbg;
+    putenv("TEST_PHPDBG_EXECUTABLE_ESCAPED=" . escapeshellarg($phpdbg));
+    $environment['TEST_PHPDBG_EXECUTABLE_ESCAPED'] = escapeshellarg($phpdbg);
 
     if ($conf_passed !== null) {
         if (IS_WINDOWS) {
@@ -831,6 +837,7 @@ function verify_config(): void
 function write_information(): void
 {
     global $php, $php_cgi, $phpdbg, $php_info, $user_tests, $ini_overwrites, $pass_options, $exts_to_test, $valgrind, $no_file_cache;
+    $php_escaped = escapeshellarg($php);
 
     // Get info from php
     $info_file = __DIR__ . '/run-test-info.php';
@@ -846,11 +853,12 @@ More .INIs  : " , (function_exists(\'php_ini_scanned_files\') ? str_replace("\n"
     $info_params = [];
     settings2array($ini_overwrites, $info_params);
     $info_params = settings2params($info_params);
-    $php_info = shell_exec("$php $pass_options $info_params $no_file_cache \"$info_file\"");
-    define('TESTED_PHP_VERSION', shell_exec("$php -n -r \"echo PHP_VERSION;\""));
+    $php_info = shell_exec("$php_escaped $pass_options $info_params $no_file_cache \"$info_file\"");
+    define('TESTED_PHP_VERSION', shell_exec("$php_escaped -n -r \"echo PHP_VERSION;\""));
 
     if ($php_cgi && $php != $php_cgi) {
-        $php_info_cgi = shell_exec("$php_cgi $pass_options $info_params $no_file_cache -q \"$info_file\"");
+        $php_cgi_escaped = escapeshellarg($php_cgi);
+        $php_info_cgi = shell_exec("$php_cgi_escaped $pass_options $info_params $no_file_cache -q \"$info_file\"");
         $php_info_sep = "\n---------------------------------------------------------------------";
         $php_cgi_info = "$php_info_sep\nPHP         : $php_cgi $php_info_cgi$php_info_sep";
     } else {
@@ -858,7 +866,8 @@ More .INIs  : " , (function_exists(\'php_ini_scanned_files\') ? str_replace("\n"
     }
 
     if ($phpdbg) {
-        $phpdbg_info = shell_exec("$phpdbg $pass_options $info_params $no_file_cache -qrr \"$info_file\"");
+        $phpdbg_escaped = escapeshellarg($phpdbg);
+        $phpdbg_info = shell_exec("$phpdbg_escaped $pass_options $info_params $no_file_cache -qrr \"$info_file\"");
         $php_info_sep = "\n---------------------------------------------------------------------";
         $phpdbg_info = "$php_info_sep\nPHP         : $phpdbg $phpdbg_info$php_info_sep";
     } else {
@@ -884,7 +893,7 @@ More .INIs  : " , (function_exists(\'php_ini_scanned_files\') ? str_replace("\n"
         }
         echo implode(',', $exts);
         PHP);
-    $extensionsNames = explode(',', shell_exec("$php $pass_options $info_params $no_file_cache \"$info_file\""));
+    $extensionsNames = explode(',', shell_exec("$php_escaped $pass_options $info_params $no_file_cache \"$info_file\""));
     $exts_to_test = array_unique(remap_loaded_extensions_names($extensionsNames));
     // check for extensions that need special handling and regenerate
     $info_params_ex = [
@@ -1163,6 +1172,13 @@ function system_with_timeout(
 ) {
     global $valgrind;
 
+    // when proc_open cmd is passed as a string (without bypass_shell=true option) the cmd goes thru shell
+    // and on Windows quotes are discarded, this is a fix to honor the quotes and allow values containing
+    // spaces like '"C:\Program Files\PHP\php.exe"' to be passed as 1 argument correctly
+    if (IS_WINDOWS) {
+        $commandline = 'start "" /b /wait ' . $commandline;
+    }
+
     $data = '';
 
     $bin_env = [];
@@ -1838,6 +1854,7 @@ function run_test(string $php, $file, array $env): string
     $org_file = $file;
     $orig_php = $php;
 
+    $php = escapeshellarg($php);
     $php_cgi = $env['TEST_PHP_CGI_EXECUTABLE'] ?? null;
     $phpdbg = $env['TEST_PHPDBG_EXECUTABLE'] ?? null;
 
@@ -1898,7 +1915,7 @@ TEST $file
         if (!$php_cgi) {
             return skip_test($tested, $tested_file, $shortname, 'CGI not available');
         }
-        $php = $php_cgi . ' -C ';
+        $php = escapeshellarg($php_cgi) . ' -C ';
         $uses_cgi = true;
         if ($num_repeats > 1) {
             return skip_test($tested, $tested_file, $shortname, 'CGI does not support --repeat');
@@ -1909,7 +1926,7 @@ TEST $file
     $extra_options = '';
     if ($test->hasSection('PHPDBG')) {
         if (isset($phpdbg)) {
-            $php = $phpdbg . ' -qIb';
+            $php = escapeshellarg($phpdbg) . ' -qIb';
 
             // Additional phpdbg command line options for sections that need to
             // be run straight away. For example, EXTENSIONS, SKIPIF, CLEAN.

sapi/cgi/tests/bug75574_utf8.phpt

@@ -13,7 +13,7 @@ include "skipif.inc";
 
 include "include.inc";
 
-$php = get_cgi_path();
+$php = escapeshellarg(get_cgi_path());
 reset_env_vars();
 
 $fn = __DIR__ . DIRECTORY_SEPARATOR . md5(uniqid());

sapi/cgi/tests/include.inc

@@ -3,12 +3,13 @@
 function get_cgi_path() /* {{{ */
 {
     $php = getenv("TEST_PHP_EXECUTABLE");
+    $php_escaped = getenv("TEST_PHP_EXECUTABLE_ESCAPED");
 
     $cli = false;
     $cgi = false;
 
     if (file_exists($php) && is_executable($php)) {
-        $version = `$php -n -v`;
+        $version = `$php_escaped -n -v`;
         if (strstr($version, "(cli)")) {
             /* that's cli */
             $cli = true;

sapi/cli/tests/001.phpt

@@ -5,7 +5,7 @@ version string
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 var_dump(`$php -n -v`);
 

sapi/cli/tests/002-unix.phpt

@@ -10,7 +10,7 @@ if (substr(PHP_OS, 0, 3) == 'WIN') {
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 var_dump(`$php -n -r 'var_dump("hello");'`);
 

sapi/cli/tests/002.phpt

@@ -7,7 +7,7 @@ include "skipif.inc";
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 var_dump(`$php -n -r "var_dump('hello');"`);
 

sapi/cli/tests/003-2.phpt

@@ -10,10 +10,10 @@ if (substr(PHP_OS, 0, 3) == 'WIN') {
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
-var_dump(`"$php" -nd max_execution_time=111 -r 'var_dump(ini_get("max_execution_time"));'`);
-var_dump(`"$php" -nd max_execution_time=500 -r 'var_dump(ini_get("max_execution_time"));'`);
+var_dump(`$php -nd max_execution_time=111 -r 'var_dump(ini_get("max_execution_time"));'`);
+var_dump(`$php -nd max_execution_time=500 -r 'var_dump(ini_get("max_execution_time"));'`);
 
 ?>
 --EXPECT--

sapi/cli/tests/003.phpt

@@ -10,7 +10,7 @@ if (substr(PHP_OS, 0, 3) == 'WIN') {
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 var_dump(`$php -n -d max_execution_time=111 -r 'var_dump(ini_get("max_execution_time"));'`);
 var_dump(`$php -n -d max_execution_time=500 -r 'var_dump(ini_get("max_execution_time"));'`);

sapi/cli/tests/004.phpt

@@ -7,7 +7,7 @@ include "skipif.inc";
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 var_dump(`$php -n --rf unknown`);
 var_dump(`$php -n --rf echo`);

sapi/cli/tests/005.phpt

@@ -7,11 +7,11 @@ include "skipif.inc";
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
-var_dump(`"$php" -n --rc unknown`);
-var_dump(`"$php" -n --rc stdclass`);
-var_dump(`"$php" -n --rc exception`);
+var_dump(`$php -n --rc unknown`);
+var_dump(`$php -n --rc stdclass`);
+var_dump(`$php -n --rc exception`);
 
 echo "Done\n";
 ?>

sapi/cli/tests/006.phpt

@@ -15,7 +15,7 @@ date.timezone=UTC
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 var_dump(`$php -n --re unknown`);
 var_dump(`$php -n --re ""`);

sapi/cli/tests/007.phpt

@@ -10,7 +10,7 @@ if (substr(PHP_OS, 0, 3) == 'WIN') {
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 $filename = __DIR__.'/007.test.php';
 $code ='

sapi/cli/tests/008.phpt

@@ -10,7 +10,7 @@ if (substr(PHP_OS, 0, 3) == 'WIN') {
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 $filename = __DIR__.'/008.test.php';
 $code ='

sapi/cli/tests/009.phpt

@@ -7,7 +7,7 @@ readline
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 var_dump(`$php -n -a -r "echo hello;"`);
 var_dump(`$php -n -r "echo hello;" -a`);

sapi/cli/tests/010-2.phpt

@@ -10,9 +10,10 @@ if (substr(PHP_OS, 0, 3) == 'WIN') {
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 $filename_txt = __DIR__."/010.test.txt";
+$filename_txt_escaped = escapeshellarg($filename_txt);
 
 $txt = '
 test
@@ -21,7 +22,7 @@ hello
 
 file_put_contents($filename_txt, $txt);
 
-var_dump(`cat "$filename_txt" | "$php" -n -R "var_dump(1);"`);
+var_dump(`cat $filename_txt_escaped | $php -n -R "var_dump(1);"`);
 
 @unlink($filename_txt);
 

sapi/cli/tests/010.phpt

@@ -10,10 +10,12 @@ if (substr(PHP_OS, 0, 3) == 'WIN') {
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 $filename = __DIR__."/010.test.php";
+$filename_escaped = escapeshellarg($filename);
 $filename_txt = __DIR__."/010.test.txt";
+$filename_txt_escaped = escapeshellarg($filename_txt);
 
 $code = '
 <?php
@@ -29,7 +31,7 @@ hello';
 
 file_put_contents($filename_txt, $txt);
 
-var_dump(`cat "$filename_txt" | "$php" -n -F "$filename"`);
+var_dump(`cat $filename_txt_escaped | $php -n -F $filename_escaped`);
 
 ?>
 --CLEAN--

sapi/cli/tests/011.phpt

@@ -5,9 +5,10 @@ syntax check
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 $filename = __DIR__."/011.test.php";
+$filename_escaped = escapeshellarg($filename);
 
 $code = '
 <?php
@@ -25,8 +26,8 @@ echo test::$var;
 
 file_put_contents($filename, $code);
 
-var_dump(`"$php" -n -l $filename`);
-var_dump(`"$php" -n -l some.unknown`);
+var_dump(`$php -n -l $filename_escaped`);
+var_dump(`$php -n -l some.unknown`);
 
 $code = '
 <?php
@@ -40,7 +41,7 @@ class test
 
 file_put_contents($filename, $code);
 
-var_dump(`"$php" -n -l $filename`);
+var_dump(`$php -n -l $filename_escaped`);
 
 @unlink($filename);
 

sapi/cli/tests/012-2.phpt

@@ -7,7 +7,7 @@ readline
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 // -r : behavior = CLI_DIRECT
 // -F / -R / -B / -E : behavior = PROCESS_STDIN
@@ -15,17 +15,17 @@ $php = getenv('TEST_PHP_EXECUTABLE');
 // -s : behavior = HIGHLIGHT
 // -w : behavior = STRIP
 
-var_dump(`"$php" -n -r "echo 1;" -F some.php`);
-var_dump(`"$php" -n -r "echo 2;" -f some.php`);
-var_dump(`"$php" -n -r "echo 3;" -l`); // ignores linting
-var_dump(`"$php" -n -r "echo 4;" -R some.php`);
-var_dump(`"$php" -n -r "echo 5;" -B ""`);
-var_dump(`"$php" -n -a -B ""`);
-var_dump(`"$php" -n -r "echo 6;" -E ""`);
-var_dump(`"$php" -n -a -E ""`);
-var_dump(`"$php" -n -r "echo 7;" -s`);
-var_dump(`"$php" -n -r "echo 8;" -w`);
-var_dump(`"$php" -n -l -r "echo 9;"`);
+var_dump(`$php -n -r "echo 1;" -F some.php`);
+var_dump(`$php -n -r "echo 2;" -f some.php`);
+var_dump(`$php -n -r "echo 3;" -l`); // ignores linting
+var_dump(`$php -n -r "echo 4;" -R some.php`);
+var_dump(`$php -n -r "echo 5;" -B ""`);
+var_dump(`$php -n -a -B ""`);
+var_dump(`$php -n -r "echo 6;" -E ""`);
+var_dump(`$php -n -a -E ""`);
+var_dump(`$php -n -r "echo 7;" -s`);
+var_dump(`$php -n -r "echo 8;" -w`);
+var_dump(`$php -n -l -r "echo 9;"`);
 
 echo "Done\n";
 ?>

sapi/cli/tests/012.phpt

@@ -5,16 +5,16 @@ invalid arguments and error messages
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
-var_dump(`"$php" -n -F some.php -F some.php`);
-var_dump(`"$php" -n -F some.php -R some.php`);
-var_dump(`"$php" -n -R some.php -F some.php`);
-var_dump(`"$php" -n -R some.php -R some.php`);
-var_dump(`"$php" -n -f some.php -f some.php`);
-var_dump(`"$php" -n -B '' -B ''`);
-var_dump(`"$php" -n -E '' -E ''`);
-var_dump(`"$php" -n -r '' -r ''`);
+var_dump(`$php -n -F some.php -F some.php`);
+var_dump(`$php -n -F some.php -R some.php`);
+var_dump(`$php -n -R some.php -F some.php`);
+var_dump(`$php -n -R some.php -R some.php`);
+var_dump(`$php -n -f some.php -f some.php`);
+var_dump(`$php -n -B '' -B ''`);
+var_dump(`$php -n -E '' -E ''`);
+var_dump(`$php -n -r '' -r ''`);
 
 echo "Done\n";
 ?>

sapi/cli/tests/013.phpt

@@ -10,14 +10,15 @@ if (substr(PHP_OS, 0, 3) == 'WIN') {
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 $filename_txt = __DIR__."/013.test.txt";
+$filename_txt_escaped = escapeshellarg($filename_txt);
 file_put_contents($filename_txt, "test\nfile\ncontents\n");
 
-var_dump(`cat "$filename_txt" | "$php" -n -B 'var_dump("start");'`);
-var_dump(`cat "$filename_txt" | "$php" -n -E 'var_dump("end");'`);
-var_dump(`cat "$filename_txt" | "$php" -n -B 'var_dump("start");' -E 'var_dump("end");'`);
+var_dump(`cat $filename_txt_escaped | $php -n -B 'var_dump("start");'`);
+var_dump(`cat $filename_txt_escaped | $php -n -E 'var_dump("end");'`);
+var_dump(`cat $filename_txt_escaped | $php -n -B 'var_dump("start");' -E 'var_dump("end");'`);
 
 @unlink($filename_txt);
 

sapi/cli/tests/014.phpt

@@ -5,7 +5,7 @@ syntax highlighting
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 $filename = __DIR__."/014.test.php";
 $code = '
@@ -27,8 +27,9 @@ $o = new test;
 
 file_put_contents($filename, $code);
 
-var_dump(`"$php" -n -s $filename`);
-var_dump(`"$php" -n -s unknown`);
+$filename_escaped = escapeshellarg($filename);
+var_dump(`$php -n -s $filename_escaped`);
+var_dump(`$php -n -s unknown`);
 
 @unlink($filename);
 

sapi/cli/tests/015.phpt

@@ -10,13 +10,13 @@ if (substr(PHP_OS, 0, 3) == 'WIN') {
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 
-echo `"$php" -n --version | grep built:`;
-echo `echo "<?php print_r(\\\$argv);" | "$php" -n -- foo bar baz`, "\n";
-echo `"$php" -n --version foo bar baz | grep built:`;
-echo `"$php" -n --notexisting foo bar baz 2>&1 | grep Usage:`;
+echo `$php -n --version | grep built:`;
+echo `echo "<?php print_r(\\\$argv);" | $php -n -- foo bar baz`, "\n";
+echo `$php -n --version foo bar baz | grep built:`;
+echo `$php -n --notexisting foo bar baz 2>&1 | grep Usage:`;
 
 echo "Done\n";
 ?>

sapi/cli/tests/016.phpt

@@ -11,7 +11,7 @@ if (readline_info('done') === NULL) {
 ?>
 --FILE--
 <?php
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 // disallow console escape sequences that may break the output
 putenv('TERM=VT100');
@@ -56,7 +56,7 @@ EOT;
 foreach ($codes as $key => $code) {
     echo "\n--------------\nSnippet no. $key:\n--------------\n";
     $code = escapeshellarg($code);
-    echo `echo $code | "$php" -a`, "\n";
+    echo `echo $code | $php -a`, "\n";
 }
 
 echo "\nDone\n";

sapi/cli/tests/017.phpt

@@ -11,7 +11,7 @@ if (readline_info('done') !== NULL) {
 ?>
 --FILE--
 <?php
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 $ini = getenv('TEST_PHP_EXTRA_ARGS');
 $descriptorspec = [['pipe', 'r'], STDOUT, STDERR];
 

sapi/cli/tests/018.phpt

@@ -10,10 +10,10 @@ if (substr(PHP_OS, 0, 3) == 'WIN') {
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 
-echo `"$php" -n -m`;
+echo `$php -n -m`;
 
 echo "Done\n";
 ?>

sapi/cli/tests/019.phpt

@@ -10,10 +10,10 @@ if (substr(PHP_OS, 0, 3) == 'WIN') {
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 
-echo `"$php" -n -i`;
+echo `$php -n -i`;
 
 echo "\nDone\n";
 ?>

sapi/cli/tests/020.phpt

@@ -10,11 +10,11 @@ if (substr(PHP_OS, 0, 3) == 'WIN') {
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 
-echo `"$php" -n --ri this_extension_does_not_exist_568537753423`;
-echo `"$php" -n --ri standard`;
+echo `$php -n --ri this_extension_does_not_exist_568537753423`;
+echo `$php -n --ri standard`;
 
 echo "\nDone\n";
 ?>

sapi/cli/tests/021.phpt

@@ -7,6 +7,10 @@ if (substr(PHP_OS, 0, 3) == 'WIN') {
     die ("skip not for Windows");
 }
 
+if (str_contains(getenv('TEST_PHP_EXECUTABLE'), " ")) {
+    die("skip shebang cannot have spaces in its path");
+}
+
 if (strlen("#!".getenv('TEST_PHP_EXECUTABLE')) > 127) {
         die ("skip shebang is too long, see http://www.in-ulm.de/~mascheck/various/shebang/#results");
 }

sapi/cli/tests/022.phpt

@@ -7,7 +7,7 @@ if (substr(PHP_OS, 0, 3) == "WIN") die("skip non windows test");
 ?>
 --FILE--
 <?php
-$php = getenv("TEST_PHP_EXECUTABLE");
+$php = getenv("TEST_PHP_EXECUTABLE_ESCAPED");
 $socket_file = tempnam(sys_get_temp_dir(), pathinfo(__FILE__, PATHINFO_FILENAME) . '.sock');
 $test_file = __DIR__ . '/' . pathinfo(__FILE__, PATHINFO_FILENAME) . '.inc';
 if (file_exists($socket_file)) {

sapi/cli/tests/023.phpt

@@ -7,9 +7,10 @@ if (substr(PHP_OS, 0, 3) == "WIN") die("skip non windows test");
 ?>
 --FILE--
 <?php
-$php = getenv("TEST_PHP_EXECUTABLE");
+$php = getenv("TEST_PHP_EXECUTABLE_ESCAPED");
 $cwd = getcwd();
 $ini_file = __DIR__ . "/023.ini";
+$ini_file_escaped = escapeshellarg($ini_file);
 file_put_contents($ini_file, <<<INI
 ; no sections should match as cli doesn't support any
 memory_limit = 40M
@@ -27,7 +28,7 @@ $desc = array(
     2 => array("pipe", "w"),
 );
 $pipes = array();
-$proc = proc_open("$php -c $ini_file -r 'echo ini_get(\"memory_limit\");'", $desc, $pipes);
+$proc = proc_open("$php -c $ini_file_escaped -r 'echo ini_get(\"memory_limit\");'", $desc, $pipes);
 if (!$proc) {
     exit(1);
 }

sapi/cli/tests/argv_mb.phpt

@@ -7,12 +7,13 @@ include "skipif.inc";
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 $argv_fl = __DIR__ . DIRECTORY_SEPARATOR . "argv_test.php";
+$argv_fl_escaped = escapeshellarg($argv_fl);
 file_put_contents($argv_fl, "<?php var_dump(\$argv); ?>");
 
-var_dump(`$php -n $argv_fl 多字节字符串 マルチバイト文字列 многобайтоваястрока flerbytesträng`);
+var_dump(`$php -n $argv_fl_escaped 多字节字符串 マルチバイト文字列 многобайтоваястрока flerbytesträng`);
 
 @unlink($argv_fl);
 

sapi/cli/tests/bug61546.phpt

@@ -11,7 +11,7 @@ Bug #61546 (functions related to current script failed when chdir() in cli sapi)
 // the ext/standard/tests/file/statpage.phpt test also tests getmyinode() returns an integer and will
 // pass even if that integer is 0. on Windows, the getmyinode() call in statpage.phpt returns 0 and
 // passes on Windows.
-$php = getenv("TEST_PHP_EXECUTABLE");
+$php = getenv("TEST_PHP_EXECUTABLE_ESCAPED");
 $test_code = <<<PHP
 <?php
 chdir('..');

sapi/cli/tests/bug62294.phpt

@@ -3,8 +3,8 @@ Bug #62294: register_shutdown_function() does not handle exit code correctly
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
-exec($php . ' -n ' . __DIR__ . '/bug62294.inc', $output, $exit_status);
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
+exec($php . ' -n ' . escapeshellarg(__DIR__ . '/bug62294.inc'), $output, $exit_status);
 var_dump($exit_status);
 
 ?>

sapi/cli/tests/bug64529.phpt

@@ -18,7 +18,7 @@ if ($ret) {
 --FILE--
 <?php
 $expect_executable = trim(`which expect`);
-$php_executable = getenv('TEST_PHP_EXECUTABLE');
+$php_executable = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 $script = __DIR__ . "/expect.sh";
 
 if (extension_loaded("readline")) {

sapi/cli/tests/bug65275.phpt

@@ -3,8 +3,8 @@ Bug #65275: Calling exit() in a shutdown function does not change the exit value
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
-exec($php . ' ' . __DIR__ . '/bug65275.inc', $output, $exit_status);
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
+exec($php . ' ' . escapeshellarg(__DIR__ . '/bug65275.inc'), $output, $exit_status);
 var_dump($exit_status);
 
 ?>

sapi/cli/tests/bug71624.phpt

@@ -7,9 +7,10 @@ include "skipif.inc";
 --FILE--
 <?php
 
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 $filename_txt = __DIR__ . DIRECTORY_SEPARATOR . "bug71624.test.txt";
+$filename_txt_escaped = escapeshellarg($filename_txt);
 
 $txt = 'foo
 test
@@ -21,9 +22,9 @@ file_put_contents($filename_txt, $txt);
 $test_args = ['$argi', '$argn'];
 foreach ($test_args as $test_arg) {
     if (substr(PHP_OS, 0, 3) == 'WIN') {
-        var_dump(`type "$filename_txt" | "$php" -n -R "echo $test_arg . PHP_EOL;"`);
+        var_dump(`type $filename_txt_escaped | $php -n -R "echo $test_arg . PHP_EOL;"`);
     } else {
-        var_dump(`cat "$filename_txt" | "$php" -n -R 'echo $test_arg . PHP_EOL;'`);
+        var_dump(`cat $filename_txt_escaped | $php -n -R 'echo $test_arg . PHP_EOL;'`);
     }
 }
 

sapi/cli/tests/bug74600.phpt

@@ -7,8 +7,9 @@ if (substr(PHP_OS, 0, 3) == "WIN") die("skip non windows test");
 ?>
 --FILE--
 <?php
-$php = getenv("TEST_PHP_EXECUTABLE");
+$php = getenv("TEST_PHP_EXECUTABLE_ESCAPED");
 $ini_file = __DIR__ . "/bug74600.ini";
+$ini_file_escaped = escapeshellarg($ini_file);
 file_put_contents($ini_file, <<<INI
 [PHP]\n;\rs=\000\000=\n;\r[PATH\000]\000\376 =\n
 INI
@@ -19,7 +20,7 @@ $desc = array(
     2 => array("pipe", "w"),
 );
 $pipes = array();
-$proc = proc_open("$php -c $ini_file -r 'echo \"okey\";'", $desc, $pipes);
+$proc = proc_open("$php -c $ini_file_escaped -r 'echo \"okey\";'", $desc, $pipes);
 if (!$proc) {
     exit(1);
 }

sapi/cli/tests/bug78323.phpt

@@ -6,7 +6,7 @@ include "skipif.inc";
 ?>
 --FILE--
 <?php
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 
 // There are 3 types of option errors:
 // 1 : in flags

sapi/cli/tests/sapi_windows_set_ctrl_handler.phpt

@@ -24,7 +24,7 @@ if ($is_child) {
 
     while(1) usleep(100);
 } else {
-    $cmd = PHP_BINARY . " -n " . $argv[0] . " 1";
+    $cmd = getenv('TEST_PHP_EXECUTABLE_ESCAPED') . " -n " . $argv[0] . " 1";
     $spec = [0 => ["pipe", "r"], 1 => ["pipe", "w"]];
 
     $proc = proc_open($cmd, $spec, $pipes, NULL, NULL, ["bypass_shell" => true, "create_process_group" => true]);

sapi/phpdbg/tests/bug73615.phpt

@@ -7,7 +7,7 @@ if (!getenv('TEST_PHPDBG_EXECUTABLE')) die("SKIP: No TEST_PHPDBG_EXECUTABLE spec
 --FILE--
 <?php
 
-$phpdbg = getenv('TEST_PHPDBG_EXECUTABLE');
+$phpdbg = getenv('TEST_PHPDBG_EXECUTABLE_ESCAPED');
 
 chdir(__DIR__."/bug73615");
 

tests/basic/bug71273.phpt

@@ -4,7 +4,7 @@ Bug #71273 A wrong ext directory setup in php.ini leads to crash
 <?php
     /* NOTE this file is required to be encoded in iso-8859-1 */
 
-    $cmd = getenv('TEST_PHP_EXECUTABLE') . " -n -d html_errors=on -d extension_dir=a/é/w -d extension=php_kartoffelbrei.dll -v 2>&1";
+    $cmd = getenv('TEST_PHP_EXECUTABLE_ESCAPED') . " -n -d html_errors=on -d extension_dir=a/é/w -d extension=php_kartoffelbrei.dll -v 2>&1";
     $out = shell_exec($cmd);
 
     var_dump(preg_match(",.+a[\\/].+[\\/]w.php_kartoffelbrei.dll.+,s", $out));

tests/run-test/extensions-shared.phpt

@@ -4,7 +4,7 @@ phpt EXTENSIONS directive - shared module
 openssl
 --SKIPIF--
 <?php
-$php = getenv('TEST_PHP_EXECUTABLE');
+$php = getenv('TEST_PHP_EXECUTABLE_ESCAPED');
 if (false !== stripos(`$php -n -m`, 'openssl')) {
     die('skip openssl is built static');
 }