From: Stanislav Malyshev <stas@php.net>
Date: Wed, 10 Jun 2015 04:37:17 +0000 (-0700)
Subject: Fixed bug #69646 (OS command injection vulnerability in escapeshellarg)
X-Git-Tag: php-7.0.0alpha1^2~2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=563462fbf8c45c5fe54c6b215d6ec76b5b3f867c;p=php

Fixed bug #69646 (OS command injection vulnerability in escapeshellarg)
---

diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index 71dfc7c361..60fd7ba1aa 100644
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -383,6 +383,14 @@ PHPAPI zend_string *php_escape_shell_arg(char *str)
 		}
 	}
 #ifdef PHP_WIN32
+	if (y > 0 && '\\' == cmd->val[y - 1]) {
+		int k = 0, n = y - 1;
+		for (; n >= 0 && '\\' == cmd->val[n]; n--, k++);
+		if (k % 2) {
+			cmd->val[y++] = '\\';
+		}
+	}
+
 	cmd->val[y++] = '"';
 #else
 	cmd->val[y++] = '\'';