bug #11598 [Finder] Shell escape and windows support (Gordon Franke, gimler)

This PR was merged into the 2.3 branch.

Discussion
----------

[Finder] Shell escape and windows support

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| License       | MIT

Add escaping of command passed to Shell::testCommand().
Fix todo add support for windows.

Commits
-------

c70a226 change command to which available under most unix systems
85e77b1 add way to test command under windows
4fa9288 fix shell command injection

src/Symfony/Component/Finder/Shell/Shell.php

@@ -50,17 +50,19 @@ class Shell
      */
     public function testCommand($command)
     {
-        if (self::TYPE_WINDOWS === $this->type) {
-            // todo: find a way to test if Windows command exists
-            return false;
-        }
-
         if (!function_exists('exec')) {
             return false;
         }
 
         // todo: find a better way (command could not be available)
-        exec('command -v '.$command, $output, $code);
+        $testCommand = 'which ';
+        if (self::TYPE_WINDOWS === $this->type) {
+            $testCommand = 'where ';
+        }
+
+        $command = escapeshellcmd($command);
+
+        exec($testCommand.$command, $output, $code);
 
         return 0 === $code && count($output) > 0;
     }