Description
Since Symfony 3.3, the Process component accepts an array of arguments as the $commandline which will then enable autoescaping automatically. See symfony/symfony-docs#9988 and the tweet by @nicolas-grekas. Without that tweet I would have probably completely missed out on that feature and I think a lot of devs are. But I think in probably 99% of all cases you would want to have this feature enabled. However, right now, nothing tells you that you're probably doing things wrong. It will just - maybe even silently - fail on different platforms. And that's not a good situation.
I think most developers still choose new Process('string commandline'); because that's how it used to work ever since even though they would prefer having the arguments escaped. This is too much magic for me (pass a string -> behaves like this, pass an array -> behaves differently but you never get an error). I think if a developer really wants to handle the underlying details for stream redirection etc. they should explicitly opt-in for that, not opt-out.
So I think the first constructor argument of Process should only accept an array and if you really want to pass in a string, you should tell the Process that you know what you're doing. There are multiple solutions how we could achieve that:
- Adding a new method to disable escaping and checking in the
start()method if argument escaping was disabled explicitly:
$process = new Process('string command');
$process->start(); // Raises deprecation, in 5.0 exception
$process = new Process('string command');
$process->disableArgumentEscaping(); // Developer now explicitly disables escaping which is what we want
$process->start(); // This is fine now- New class:
$process = new Process('string command'); // deprecated, use ShellProcess if you want to disable argument escaping, in 5.0 use array as typehint
$process = new Process(['string', 'command']); // correct
$process = new ShellProcess('string command'); // correctWdyt?