From: Sara Golemon <pollita@php.net>
Date: Thu, 1 Jun 2017 22:42:17 +0000 (-0700)
Subject: Escape value passed to exec()
X-Git-Tag: php-7.2.0alpha1~18
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a86c87df2dc2d3bf82bd87cddd888f899306a451;p=php

Escape value passed to exec()

getmypid() is safe, but no harm being EXTRA safe.
---

diff --git a/ext/phar/tests/tar/bug70417.phpt b/ext/phar/tests/tar/bug70417.phpt
index 9d30aae7a9..0202ca9472 100644
--- a/ext/phar/tests/tar/bug70417.phpt
+++ b/ext/phar/tests/tar/bug70417.phpt
@@ -13,7 +13,7 @@ if ($status !== 0) {
 --FILE--
 <?php
 function countOpenFiles() {
-    exec('lsof -p ' . getmypid() . ' 2> /dev/null', $out);
+    exec('lsof -p ' . escapeshellarg(getmypid()) . ' 2> /dev/null', $out);
     return count($out);
 }
 $filename = __DIR__ . '/bug70417.tar';