From a86c87df2dc2d3bf82bd87cddd888f899306a451 Mon Sep 17 00:00:00 2001
From: Sara Golemon <pollita@php.net>
Date: Thu, 1 Jun 2017 15:42:17 -0700
Subject: [PATCH] Escape value passed to exec()

getmypid() is safe, but no harm being EXTRA safe.
---
 ext/phar/tests/tar/bug70417.phpt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/phar/tests/tar/bug70417.phpt b/ext/phar/tests/tar/bug70417.phpt
index 9d30aae7a9..0202ca9472 100644
--- a/ext/phar/tests/tar/bug70417.phpt
+++ b/ext/phar/tests/tar/bug70417.phpt
@@ -13,7 +13,7 @@ if ($status !== 0) {
 --FILE--
 <?php
 function countOpenFiles() {
-    exec('lsof -p ' . getmypid() . ' 2> /dev/null', $out);
+    exec('lsof -p ' . escapeshellarg(getmypid()) . ' 2> /dev/null', $out);
     return count($out);
 }
 $filename = __DIR__ . '/bug70417.tar';
-- 
2.40.0