From 2c995e57aada3385bf9123b9bd11acb542e1b021 Mon Sep 17 00:00:00 2001
From: Jim Winstead <jimw@trainedmonkey.com>
Date: Sat, 21 Dec 2024 18:01:11 -0800
Subject: [PATCH 1/2] Add warnings to use `php_sapi_name()` to test when
 running as CLI

---
 features/commandline.xml               | 10 ++++++++++
 language/predefined/variables/argv.xml |  8 ++++++++
 2 files changed, 18 insertions(+)

diff --git a/features/commandline.xml b/features/commandline.xml
index 47856477d818..d228c2ce2e00 100644
--- a/features/commandline.xml
+++ b/features/commandline.xml
@@ -182,6 +182,16 @@
            also be found in the <varname>$_SERVER</varname> array, for example:
            <varname>$_SERVER['argv']</varname>.
           </para>
+          <warning>
+           <simpara>
+            If a PHP script can be run via the command line or through another SAPI,
+            <function>php_sapi_name</function> should be used to check whether the
+            script is being run from the command line and <varname>$argv</varname>
+            is safe to use, otherwise arbitrary arguments may be passed to the
+            script via other SAPIs depending on how
+            <link linkend="ini.register-argc-argv">register_argc_argv</link> is set.
+           </simpara>
+          </warning>
           </entry>
          </row>
          <row>
diff --git a/language/predefined/variables/argv.xml b/language/predefined/variables/argv.xml
index d20bb41dc2ee..06ac25003610 100644
--- a/language/predefined/variables/argv.xml
+++ b/language/predefined/variables/argv.xml
@@ -25,6 +25,14 @@
     is disabled.
    </simpara>
   </note>
+  <warning>
+   <simpara>
+    To test if a script is being run from the command
+    line, <function>php_sapi_name</function> should be used
+    instead of checking whether <varname>$argv</varname> or
+    <varname>$_SERVER['argv']</varname> is set.
+   </simpara>
+  </warning>
  </refsect1>
  
  <refsect1 role="examples">

From 7b2cfa01e97e00ea9a13290c008772742309b515 Mon Sep 17 00:00:00 2001
From: Jim Winstead <jimw@trainedmonkey.com>
Date: Fri, 27 Dec 2024 14:06:44 -0800
Subject: [PATCH 2/2] Rewrite bit about not relying on $argv and using
 php_sapi_name()

---
 features/commandline.xml | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/features/commandline.xml b/features/commandline.xml
index d228c2ce2e00..707fb33976a7 100644
--- a/features/commandline.xml
+++ b/features/commandline.xml
@@ -183,14 +183,25 @@
            <varname>$_SERVER['argv']</varname>.
           </para>
           <warning>
-           <simpara>
-            If a PHP script can be run via the command line or through another SAPI,
-            <function>php_sapi_name</function> should be used to check whether the
-            script is being run from the command line and <varname>$argv</varname>
-            is safe to use, otherwise arbitrary arguments may be passed to the
-            script via other SAPIs depending on how
-            <link linkend="ini.register-argc-argv">register_argc_argv</link> is set.
-           </simpara>
+           <para>
+            The presence of <varname>$argv</varname> or <varname>$_SERVER['argv']</varname>
+            is not a reliable indication that a script is being run from the
+            command line because they may be set in other contexts when
+            <link linkend="ini.register-argc-argv">register_argc_argv</link> is enabled.
+            The value returned by <function>php_sapi_name</function> should be checked
+            instead.
+            <informalexample>
+             <programlisting role="php">
+<![CDATA[
+<?php
+
+if (php_sapi_name() === 'cli') {
+    echo "This is being run from the command line!\n";
+}
+]]>
+             </programlisting>
+            </informalexample>
+           </para>
           </warning>
           </entry>
          </row>