Fix bug #79330 - make all execution modes consistent in rejecting \0

(cherry picked from commit 14fcc81)

Author: smalyshev

NEWS

@@ -35,6 +35,7 @@ PHP                                                                        NEWS
     (cmb)
 
 - Standard:
+  . Fixed bug #79330 (shell_exec() silently truncates after a null byte). (stas)
   . Fixed bug #79410 (system() swallows last chunk if it is exactly 4095 bytes
     without newline). (Christian Schneider)
 

ext/standard/exec.c

@@ -537,6 +537,15 @@ PHP_FUNCTION(shell_exec)
 		Z_PARAM_STRING(command, command_len)
 	ZEND_PARSE_PARAMETERS_END();
 
+	if (!command_len) {
+		php_error_docref(NULL, E_WARNING, "Cannot execute a blank command");
+		RETURN_FALSE;
+	}
+	if (strlen(command) != command_len) {
+		php_error_docref(NULL, E_WARNING, "NULL byte detected. Possible attack");
+		RETURN_FALSE;
+	}
+
 #ifdef PHP_WIN32
 	if ((in=VCWD_POPEN(command, "rt"))==NULL) {
 #else