1
0
Fork 0

Fix windows parameter encoding to prevent abuse of unicode characters with best fit encoding conversion

pull/12217/head
Jordi Boggiano 2024-06-10 21:28:19 +02:00
parent 47374343a1
commit ba4ad2408a
No known key found for this signature in database
GPG Key ID: 7BBD42C429EC80BC
1 changed files with 3 additions and 1 deletions

View File

@ -488,7 +488,9 @@ class ProcessExecutor
}
// New lines break cmd.exe command parsing
$argument = strtr($argument, "\n", ' ');
// and special chars like the fullwidth quote can be used to break out
// of parameter encoding via "Best Fit" encoding conversion
$argument = strtr($argument, ["\n" => ' ', '' => '"', '' => ':', '' => '/']);
// In addition to whitespace, commas need quoting to preserve paths
$quote = strpbrk($argument, " \t,") !== false;