1
0
Fork 0

Merge pull request from GHSA-frqg-7g38-6gcf

pull/10150/head
Jordi Boggiano 2021-10-05 09:28:42 +02:00 committed by GitHub
parent 532c6e7933
commit b3eebeb3b9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 34 deletions

View File

@ -129,7 +129,7 @@ EOT
$process = new ProcessExecutor($this->getIO());
if (Platform::isWindows()) {
return $process->execute('start "web" explorer "' . $url . '"', $output);
return $process->execute('start "web" explorer ' . $url, $output);
}
$linux = $process->execute('which xdg-open', $output);

View File

@ -455,7 +455,7 @@ class ProcessExecutor
}
/**
* Copy of ProcessUtils::escapeArgument() that is deprecated in Symfony 3.3 and removed in Symfony 4.
* Copy of Symfony's Process::escapeArgument() which is private
*
* @param string $argument
*
@ -463,41 +463,22 @@ class ProcessExecutor
*/
private static function escapeArgument($argument)
{
//Fix for PHP bug #43784 escapeshellarg removes % from given string
//Fix for PHP bug #49446 escapeshellarg doesn't work on Windows
//@see https://bugs.php.net/bug.php?id=43784
//@see https://bugs.php.net/bug.php?id=49446
if ('\\' === DIRECTORY_SEPARATOR) {
if ((string) $argument === '') {
return escapeshellarg($argument);
if ('' === $argument || null === $argument) {
return '""';
}
$escapedArgument = '';
$quote = false;
foreach (preg_split('/(")/', $argument, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE) as $part) {
if ('"' === $part) {
$escapedArgument .= '\\"';
} elseif (self::isSurroundedBy($part, '%')) {
// Avoid environment variable expansion
$escapedArgument .= '^%"'.substr($part, 1, -1).'"^%';
} else {
// escape trailing backslash
if ('\\' === substr($part, -1)) {
$part .= '\\';
}
$quote = true;
$escapedArgument .= $part;
}
}
if ($quote) {
$escapedArgument = '"'.$escapedArgument.'"';
}
return $escapedArgument;
}
if ('\\' !== \DIRECTORY_SEPARATOR) {
return "'".str_replace("'", "'\\''", $argument)."'";
}
if (str_contains($argument, "\0")) {
$argument = str_replace("\0", '?', $argument);
}
if (!preg_match('/[\/()%!^"<>&|\s]/', $argument)) {
return $argument;
}
$argument = preg_replace('/(\\\\+)$/', '$1$1', $argument);
return '"'.str_replace(['"', '^', '%', '!', "\n"], ['""', '"^^"', '"^%"', '"^!"', '!LF!'], $argument).'"';
}
/**
* @param string $arg