Reapply "Explicitly validate popen mode"

To avoid behavior differences due to libc. This time with the
check only for the non-win32 case, as Windows support additional
modifiers here (t/b).

diff --git a/ext/standard/file.c b/ext/standard/file.c
index 98578376b001c90433bdeb7f431f9d3b29e775db..058d78688d0d23a52353ffb2f7ff6ba4558d514f 100644 (file)
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -930,8 +930,16 @@ PHP_FUNCTION(popen)
                char *z = memchr(posix_mode, 'b', mode_len);
                if (z) {
                        memmove(z, z + 1, mode_len - (z - posix_mode));
+                       mode_len--;
                }
        }
+
+       /* Musl only partially validates the mode. Manually check it to ensure consistent behavior. */
+       if (mode_len != 1 || (*posix_mode != 'r' && *posix_mode != 'w')) {
+               php_error_docref2(NULL, command, posix_mode, E_WARNING, "Invalid mode");
+               efree(posix_mode);
+               RETURN_FALSE;
+       }
 #endif
 
        fp = VCWD_POPEN(command, posix_mode);