Merge branch 'PHP-5.6'
authorYasuo Ohgaki <yohgaki@php.net>
Fri, 13 Feb 2015 20:28:32 +0000 (05:28 +0900)
committerYasuo Ohgaki <yohgaki@php.net>
Fri, 13 Feb 2015 20:28:32 +0000 (05:28 +0900)
* PHP-5.6:
  Add NULL byte protection to exec, system and passthru

ext/standard/exec.c

index 132d1afab0b1bc36a5a544bfdc42af1dc0d41f8d,683878877b3afb206c3644329e1c13e3fc0c3d98..a72757373556e6257c51adfc5189f0757f04537a
@@@ -186,12 -185,16 +186,16 @@@ static void php_exec_ex(INTERNAL_FUNCTI
                }
        }
        if (!cmd_len) {
 -              php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot execute a blank command");
 +              php_error_docref(NULL, E_WARNING, "Cannot execute a blank command");
                RETURN_FALSE;
        }
+       if (strlen(cmd) != cmd_len) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "NULL byte detected. Possible attack");
+               RETURN_FALSE;
+       }
  
        if (!ret_array) {
 -              ret = php_exec(mode, cmd, NULL, return_value TSRMLS_CC);
 +              ret = php_exec(mode, cmd, NULL, return_value);
        } else {
                if (Z_TYPE_P(ret_array) != IS_ARRAY) {
                        zval_dtor(ret_array);
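Review bot: The `php_error_docref(NULL TSRMLS_CC, ...)` call inside the new `strlen(cmd) != cmd_len` check still passes `TSRMLS_CC`, while the two neighbouring calls in this merge result have dropped it. For consistency it should read `php_error_docref(NULL, E_WARNING, "NULL byte detected. Possible attack");`. Whether the stale macro still compiles on this branch depends on a definition that is not visible here. The guard would also benefit from a one-line comment such as `/* cmd is handed on as a C string; anything after an embedded NUL would be silently dropped from the executed command */`, since the reason for comparing `strlen(cmd)` with `cmd_len` is not obvious at the call site. php_exec_ex starts and ends outside the hunk, so any other command-running paths in this file that may need the same guard cannot be checked from here.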