
Fix windows parameter encoding to prevent abuse of unicode characters with best fit encoding conversion

pull/12013/head
Jordi Boggiano 2024-06-10 21:28:19 +02:00
parent 5aa7b03b9d
commit 3130a7455a
No known key found for this signature in database
GPG Key ID: 7BBD42C429EC80BC
1 changed files with 3 additions and 1 deletions


@ -495,7 +495,9 @@ class ProcessExecutor
}
// New lines break cmd.exe command parsing
$argument = strtr($argument, "\n", ' ');
// and special chars like the fullwidth quote can be used to break out
// of parameter encoding via "Best Fit" encoding conversion
$argument = strtr($argument, ["\n" => ' ', '' => '"', '' => ':', '' => '/']);
// In addition to whitespace, commas need quoting to preserve paths
$quote = strpbrk($argument, " \t,") !== false;
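Review bot: The replacement table on the new `strtr` line is a fixed denylist, and as rendered here it covers only three look-alikes (for `"`, `:` and `/`). Any other character that the active Windows code page best-fits to a quote or another cmd.exe-significant character would still pass through unchanged, so the comment above it should say which code pages the list was checked against and that it is not exhaustive. The three keys show up as empty strings on this page, which is presumably an extraction loss, but it shows how fragile raw non-ASCII literals are in a security-relevant table. Writing them as code-point escapes, e.g. `"\u{FF02}" => '"'` for the fullwidth quote, keeps the table reviewable and independent of the file's encoding. The enclosing method starts and ends outside the hunk, so whether the later quoting steps catch the remaining cases cannot be seen from here.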