From 4fa9288fda838482a9fe8d594f9cfda5c1e7591e Mon Sep 17 00:00:00 2001
From: Gordon Franke
Date: Thu, 7 Aug 2014 09:01:16 +0200
Subject: [PATCH] fix shell command injection
---
 src/Symfony/Component/Finder/Shell/Shell.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/Symfony/Component/Finder/Shell/Shell.php b/src/Symfony/Component/Finder/Shell/Shell.php
index 8586cbc3e5..f65f16d372 100644
--- a/src/Symfony/Component/Finder/Shell/Shell.php
+++ b/src/Symfony/Component/Finder/Shell/Shell.php
@@ -59,6 +59,8 @@ class Shell
 return false;
 }
+ $command = escapeshellcmd($command);
+
 // todo: find a better way (command could not be available)
 exec('command -v '.$command, $output, $code);
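Review bot: `escapeshellcmd()` is the wrong escaper for the added line, because `$command` is used as a single argument to `command -v`, not as a whole command line. It neutralises shell metacharacters but leaves whitespace and paired quotes intact, so one value can still expand into several arguments. Quoting the value as exactly one argument is the tighter fix: drop the reassignment and call `exec('command -v '.escapeshellarg($command), $output, $code);`. A value starting with `-` would presumably still be parsed as an option by `command`, so rejecting such names before the call is worth considering. The enclosing method begins and ends outside the hunk, so it cannot be confirmed here whether callers only ever pass fixed command names.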