From 8405d98625657057857b11cd9605b44571658720 Mon Sep 17 00:00:00 2001
From: Tim Kelty <tim@craftcms.com>
Date: Mon, 16 Sep 2024 15:42:50 -0400
Subject: [PATCH] Pass command args as array so Process escapes them

---
 src/runtime/event/CliHandler.php | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/src/runtime/event/CliHandler.php b/src/runtime/event/CliHandler.php
index 5c59644..276fae3 100644
--- a/src/runtime/event/CliHandler.php
+++ b/src/runtime/event/CliHandler.php
@@ -22,33 +22,38 @@ class CliHandler implements Handler
      */
     public function handle(mixed $event, Context $context, $throw = false): array
     {
-        $commandArgs = $event['command'] ?? null;
+        $commandString = $event['command'] ?? null;
 
-        if (!$commandArgs) {
+        if (!$commandString) {
             throw new \Exception('No command found.');
         }
 
-        $php = PHP_BINARY;
-        $command = escapeshellcmd("{$php} {$this->scriptPath} {$commandArgs}");
         $remainingSeconds = $context->getRemainingTimeInMillis() / 1000;
         $timeout = max(1, $remainingSeconds - 1);
-        $this->process = Process::fromShellCommandline($command, null, [
-            'LAMBDA_INVOCATION_CONTEXT' => json_encode($context, JSON_THROW_ON_ERROR),
-        ], null, $timeout);
+        $commandArgs = explode(' ', $commandString);
+        $this->process = new Process(
+            [PHP_BINARY, $this->scriptPath, ...$commandArgs],
+            null,
+            [
+                'LAMBDA_INVOCATION_CONTEXT' => json_encode($context, JSON_THROW_ON_ERROR),
+            ],
+            null,
+            $timeout,
+        );
 
         echo "Function time remaining: {$remainingSeconds} seconds";
 
         try {
-            echo "Running command with $timeout second timeout: $command";
+            echo "Running command with $timeout second timeout: {$this->process->getCommandLine()}";
 
             /** @throws ProcessTimedOutException|ProcessFailedException */
             $this->process->mustRun(function($type, $buffer): void {
                 echo $buffer;
             });
 
-            echo "Command succeeded after {$this->getTotalRunningTime()} seconds: $command\n";
+            echo "Command succeeded after {$this->getTotalRunningTime()} seconds: {$this->process->getCommandLine()}\n";
         } catch (\Throwable $e) {
-            echo "Command failed after {$this->getTotalRunningTime()} seconds: $command\n";
+            echo "Command failed after {$this->getTotalRunningTime()} seconds: {$this->process->getCommandLine()}\n";
             echo "Exception while handling CLI event:\n";
             echo "{$e->getMessage()}\n";
             echo "{$e->getTraceAsString()}\n";