1
0
Fork 0

Add more characters for best fit encoding protection

2.2
Jordi Boggiano 2024-06-10 22:08:29 +02:00
parent ba4ad2408a
commit 54a3beda47
No known key found for this signature in database
GPG Key ID: 7BBD42C429EC80BC
1 changed files with 15 additions and 1 deletions

View File

@ -490,7 +490,21 @@ class ProcessExecutor
// New lines break cmd.exe command parsing // New lines break cmd.exe command parsing
// and special chars like the fullwidth quote can be used to break out // and special chars like the fullwidth quote can be used to break out
// of parameter encoding via "Best Fit" encoding conversion // of parameter encoding via "Best Fit" encoding conversion
$argument = strtr($argument, ["\n" => ' ', '' => '"', '' => ':', '' => '/']); $argument = strtr($argument, [
"\n" => ' ',
"\u{ff02}" => '"',
"\u{02ba}" => '"',
"\u{301d}" => '"',
"\u{301e}" => '"',
"\u{030e}" => '"',
"\u{ff1a}" => ':',
"\u{0589}" => ':',
"\u{2236}" => ':',
"\u{ff0f}" => '/',
"\u{2044}" => '/',
"\u{2215}" => '/',
"\u{00b4}" => '/',
]);
// In addition to whitespace, commas need quoting to preserve paths // In addition to whitespace, commas need quoting to preserve paths
$quote = strpbrk($argument, " \t,") !== false; $quote = strpbrk($argument, " \t,") !== false;