public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code

Add more characters for best fit encoding protection

pull/12013/head
Jordi Boggiano 2024-06-10 22:08:29 +02:00
parent ad8985e6b0
commit 04a63b324f
No known key found for this signature in database
GPG Key ID: 7BBD42C429EC80BC
1 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/Composer/Util/ProcessExecutor.php
View File

@ -497,7 +497,21 @@ class ProcessExecutor
// New lines break cmd.exe command parsing
// and special chars like the fullwidth quote can be used to break out
// of parameter encoding via "Best Fit" encoding conversion
$argument = strtr($argument, ["\n" => ' ', '' => '"', '' => ':', '' => '/']);
$argument = strtr($argument, [
"\n" => ' ',
"\u{ff02}" => '"',
"\u{02ba}" => '"',
"\u{301d}" => '"',
"\u{301e}" => '"',
"\u{030e}" => '"',
"\u{ff1a}" => ':',
"\u{0589}" => ':',
"\u{2236}" => ':',
"\u{ff0f}" => '/',
"\u{2044}" => '/',
"\u{2215}" => '/',
"\u{00b4}" => '/',
]);
// In addition to whitespace, commas need quoting to preserve paths
$quote = strpbrk($argument, " \t,") !== false;