Commit 563462f

Fixed bug #69646 (OS command injection vulnerability in escapeshellarg)
1 parent e4aa5c0 commit 563462f

1 file changed, +8 -0 lines changed

ext/standard/exec.c

Lines changed: 8 additions & 0 deletions
@@ -383,6 +383,14 @@ PHPAPI zend_string *php_escape_shell_arg(char *str)
383383
}
384384
}
385385
#ifdef PHP_WIN32
386+
if (y > 0 && '\\' == cmd->val[y - 1]) {
387+
int k = 0, n = y - 1;
388+
for (; n >= 0 && '\\' == cmd->val[n]; n--, k++);
389+
if (k % 2) {
390+
cmd->val[y++] = '\\';
391+
}
392+
}
393+
386394
cmd->val[y++] = '"';
387395
#else
388396
cmd->val[y++] = '\'';
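
Review bot: The added `cmd->val[y++] = '\\';` inside the `k % 2` branch writes one byte more than the pre-patch code could, and the allocation of `cmd` is not visible in this hunk, so please confirm that the size computed earlier in `php_escape_shell_arg` leaves room for this extra backslash plus the closing quote. The backward scan `for (; n >= 0 && '\\' == cmd->val[n]; n--, k++);` has an empty body that is easy to miss behind the trailing semicolon; braces or a `;` on its own line would make the intent obvious. A short comment above the block saying why an odd run of trailing backslashes is padded before the closing `"` (otherwise the last backslash escapes that quote), together with a regression test for bug #69646, would help, since this commit changes only `ext/standard/exec.c`.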
