-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
escapeArgs option is not working properly #44
Comments
Kirill89
changed the title
escapeArgs option is not working properly
Dec 18, 2019
escapeArgs
option is not working properly
Thanks. If you have an idea for a fix, please let me know or provide a MR. Some examples of the expected output would also be great. I could add it to the tests so we can verify that the problem is fixed later. |
Kirill89
added a commit
to Kirill89/php-shellcommand
that referenced
this issue
Dec 19, 2019
Kirill89
added a commit
to Kirill89/php-shellcommand
that referenced
this issue
Dec 19, 2019
Released 1.6.1 containing this fix. Thanks for bringing this up! |
This was referenced Jan 3, 2020
Open
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I expect that
addArg()
escapes all arguments preventing possibility of command injection from untrusted sources.Because in the
README.md
I see:But it is not actually happens.
PoC:
Disclaimer
This thread was initially started as a private email conversation. @mikehaertl asked me to open an issue here.
The text was updated successfully, but these errors were encountered: