bug #11598 [Finder] Shell escape and windows support (Gordon Franke, gimler)
This PR was merged into the 2.3 branch. Discussion ---------- [Finder] Shell escape and windows support | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | License | MIT Add escaping of command passed to Shell::testCommand(). Fix todo add support for windows. Commits -------c70a226
change command to which available under most unix systems85e77b1
add way to test command under windows4fa9288
fix shell command injection
This commit is contained in:
commit
976a1cc11c
@ -50,17 +50,19 @@ class Shell
|
|||||||
*/
|
*/
|
||||||
public function testCommand($command)
|
public function testCommand($command)
|
||||||
{
|
{
|
||||||
if (self::TYPE_WINDOWS === $this->type) {
|
|
||||||
// todo: find a way to test if Windows command exists
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!function_exists('exec')) {
|
if (!function_exists('exec')) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// todo: find a better way (command could not be available)
|
// todo: find a better way (command could not be available)
|
||||||
exec('command -v '.$command, $output, $code);
|
$testCommand = 'which ';
|
||||||
|
if (self::TYPE_WINDOWS === $this->type) {
|
||||||
|
$testCommand = 'where ';
|
||||||
|
}
|
||||||
|
|
||||||
|
$command = escapeshellcmd($command);
|
||||||
|
|
||||||
|
exec($testCommand.$command, $output, $code);
|
||||||
|
|
||||||
return 0 === $code && count($output) > 0;
|
return 0 === $code && count($output) > 0;
|
||||||
}
|
}
|
||||||
|
Reference in New Issue
Block a user