
Helpers::getSource() improved escaping of cmdline arguments

dg committed Mar 9, 2019
1 parent e935bdf commit 88ee5949d986500f449728051621dc11c2eb6ae7
Showing with 16 additions and 1 deletion.
  1. +16 −1 src/Tracy/Helpers.php
@@ -166,7 +166,7 @@ public static function getSource(): string
. $_SERVER['REQUEST_URI'];
} else {
return 'CLI (PID: ' . getmypid() . ')'
. (empty($_SERVER['argv']) ? '' : ': ' . implode(' ', $_SERVER['argv']));
. ': ' . implode(' ', array_map([self::class, 'escapeArg'], $_SERVER['argv']));
}
}
@@ -302,4 +302,19 @@ public static function getNonce(): ?string
? $m[1]
: null;
}
/**
* Escape a string to be used as a shell argument.
*/
private static function escapeArg(string $s): string
{
if (preg_match('#^[a-z0-9._=/:-]+\z#i', $s)) {
return $s;
}
return defined('PHP_WINDOWS_VERSION_BUILD')
? '"' . str_replace('"', '""', $s) . '"'
: escapeshellarg($s);
}
}
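Review bot: The rewritten return in getSource() drops the `empty($_SERVER['argv'])` guard, so if this else branch runs without argv (the branch condition is above the hunk; presumably a non-HTTP context, possibly with register_argc_argv disabled) `array_map()` receives null and the source lookup itself raises a warning or TypeError. Keeping the guard around the new expression avoids that: `. (empty($_SERVER['argv']) ? '' : ': ' . implode(' ', array_map([self::class, 'escapeArg'], $_SERVER['argv'])));`. Separately, the escapeArg() docblock promises a shell-safe argument, but the Windows branch only doubles `"`, which leaves `%VAR%` expansion and a trailing backslash before the closing quote unhandled. Since the only caller visible here formats a display string, I would reword the docblock to something like `Quotes a command-line argument for display; not guaranteed safe for re-execution on Windows.`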
