8000 Is there a reason not to use escapeshellarg in Process · Issue #29469 · symfony/symfony · GitHub
[go: up one dir, main page]
Skip to content

Is there a reason not to use escapeshellarg in Process #29469

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
tomasfejfar opened this issue Dec 5, 2018 · 2 comments
Closed

Is there a reason not to use escapeshellarg in Process #29469

tomasfejfar opened this issue Dec 5, 2018 · 2 comments
Labels
Process

Comments

@tomasfejfar
Copy link
Contributor

I've noticed that \Symfony\Component\Process\Process::escapeArgument does not use php's native escapeshellarg function, but rather implements escaping in userland. That does not take advantage of potential security fixes in PHP itself.

Is there a reason why it's not using it?
@tomasfejfar tomasfejfar mentioned this issue Dec 5, 2018
Merged
@apfelbox
Copy link
Contributor
apfelbox commented Dec 5, 2018
edited
Loading

See discussion in #21347 (apparently it doesn't work reliably across all supported OS)

@tomasfejfar
Copy link
Contributor Author

Thx.

@xabbuh xabbuh added the Process label Dec 6, 2018
@tomasfejfar tomasfejfar mentioned this issue Aug 23, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Process
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tomasfejfar @apfelbox @xabbuh
0