Laravel process parameter escape

Question

I'm running a process using Laravel which relies on Symfony Process component as follow.

$process= new Process(['binary', $param1, $param2]);
$process->setTimeout(3600);
$process->run();

It works fine excepted when a parameter contains special characters which are interpreted by the shell.

When I run my process directly in shell I have the exact same issue.

If I escape parameters by surrounding them with simple quotes it works well.

So it seems that the issue comes from how the Process component escapes parameters.

Since Symfony 5, the Process component doesn't accept strings as constructor parameter anymore

So I can't escape parameters as follow

new Process("binary '".$param1."' '".$param2."'");

From my opinion, the Process component should escape parameters correctly but it's obviously not the case.

Does anybody knows why special characters are not correctly escaped ? How could I surround both username and password with simple quotes ?

Answer 1

I achieved my goal by using Process::fromShellCommandline

I directly compose the command into a string and then pass the command with escaped parameters.

$command = "binary '".$param1."' '".$param2."'";
$process = Process::fromShellCommandline($command);
$process->setTimeout(3600);
$process->run();

Still don't know why special characters are not correctly escaped using a string array with new Process