Merge branch 'PHP-5.5' into PHP-5.6

* PHP-5.5: added test for bug #69646
2024-09-24 19:37:26 +00:00 · 2015-06-11 12:07:32 +02:00 · 2015-06-11 12:07:32 +02:00 · b19790ab34
commit b19790ab34
parent 9d162550ac e711325ca6
1 changed files with 47 additions and 0 deletions
--- a/ext/standard/tests/general_functions/bug69646.phpt
+++ b/ext/standard/tests/general_functions/bug69646.phpt
@ -0,0 +1,47 @@
+--TEST--
+Bug #69646 OS command injection vulnerability in escapeshellarg()
+--SKIPIF--
+<?php
+if( substr(PHP_OS, 0, 3) != "WIN" )
+  die("skip.. Windows only");
+?>
+--FILE--
+<?php
+
+$a = 'a\\';
+$b = 'b -c d\\';
+var_dump( $a, escapeshellarg($a) );
+var_dump( $b, escapeshellarg($b) );
+
+$helper_script = <<<SCRIPT
+<?php
+
+print( "--- ARG INFO ---\n" );
+var_dump( \$argv );
+
+SCRIPT;
+
+$script = dirname(__FILE__) . DIRECTORY_SEPARATOR . "arginfo.php";
+file_put_contents($script, $helper_script);
+
+$cmd =  PHP_BINARY . " " . $script . " "  . escapeshellarg($a) . " " . escapeshellarg($b);
+
+system($cmd);
+
+unlink($script);
+?>
+--EXPECTF--
+string(2) "a\"
+string(5) ""a\\""
+string(7) "b -c d\"
+string(10) ""b -c d\\""
+--- ARG INFO ---
+array(3) {
+  [0]=>
+  string(%d) "%sarginfo.php"
+  [1]=>
+  string(2) "a\"
+  [2]=>
+  string(7) "b -c d\"
+}
+