
Commit 8036758

committed
Fix bug #69646 OS command injection vulnerability in escapeshellarg
1 parent f7d7bef commit 8036758


1 file changed

+8
-0
lines changed


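--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -380,6 +380,14 @@ PHPAPI char *php_escape_shell_arg(char *str)
 }
 }
 #ifdef PHP_WIN32
+if (y > 0 && '\\' == cmd[y - 1]) {
+int k = 0, n = y - 1;
+for (; n >= 0 && '\\' == cmd[n]; n--, k++);
+if (k % 2) {
+cmd[y++] = '\\';
+}
+}
+
 cmd[y++] = '"';
 #else
 cmd[y++] = '\'';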
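Review bot: The block added before the closing `cmd[y++] = '"';` carries no comment explaining why an odd run of trailing backslashes gets one more, and the commit changes only this file, so no regression test pins the behaviour. I would put `/* An odd run of trailing backslashes would escape the closing quote; pad it to an even count. */` above the `if`, and give the counting loop an explicit body, `for (; n >= 0 && '\\' == cmd[n]; n--, k++) {}`, so the trailing `;` is not misread as a mistake. The new `cmd[y++] = '\\';` writes one byte more than the old code did, and the allocation of `cmd` is outside the hunk, so it should be confirmed that the buffer size still covers the worst case. A test with arguments ending in one, two and three backslashes would exercise both parities. php_escape_shell_arg starts before and continues past this hunk.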
