I'm running a process using Laravel which relies on Symfony Process component as follow.
$process= new Process(['binary', $param1, $param2]);
$process->setTimeout(3600);
$process->run();
It works fine excepted when a parameter contains special characters which are interpreted by the shell.
When I run my process directly in shell I have the exact same issue.
If I escape parameters by surrounding them with simple quotes it works well.
So it seems that the issue comes from how the Process component escapes parameters.
Since Symfony 5, the Process component doesn't accept strings as constructor parameter anymore
So I can't escape parameters as follow
new Process("binary '".$param1."' '".$param2."'");
From my opinion, the Process component should escape parameters correctly but it's obviously not the case.
Does anybody knows why special characters are not correctly escaped ? How could I surround both username and password with simple quotes ?
I achieved my goal by using
Process::fromShellCommandline
I directly compose the command into a string and then pass the command with escaped parameters.
Still don't know why special characters are not correctly escaped using a string array with
new Process