--TEST--
Bug #69646 OS command injection vulnerability in escapeshellarg()
--SKIPIF--
<?php
// The expectations below describe the Windows quoting form (double quotes), so other platforms are skipped.
if (substr(PHP_OS, 0, 3) != "WIN") {
    die("skip.. Windows only");
}
?>
--FILE--
<?php

// Both inputs end in a single backslash. On Windows a backslash directly before
// a double quote escapes that quote when the child parses its command line, so
// an undoubled trailing backslash would swallow the closing quote that
// escapeshellarg() appends and let the argument run on past its intended end.
$inputs = ['a\\', 'b -c d\\'];
$quoted = array_map('escapeshellarg', $inputs);

// Part 1: show each raw value next to its escaped form; the trailing backslash
// is expected to come back doubled inside the quotes.
foreach ($inputs as $idx => $raw) {
    var_dump( $raw, $quoted[$idx] );
}

// Part 2: round-trip through a real child process. The helper only dumps its
// argv, which lets the test confirm that each value arrives as exactly one
// argument with its original content (the embedded spaces must not split it).
$helper_source = <<<SCRIPT
<?php

print( "--- ARG INFO ---\n" );
var_dump( \$argv );

SCRIPT;

$script = __DIR__ . DIRECTORY_SEPARATOR . "arginfo.php";
file_put_contents($script, $helper_source);

// NOTE(review): PHP_BINARY and the helper path are joined unquoted, so this run
// assumes neither path contains a space; only the two test values are escaped.
$cmd = implode(" ", array_merge([PHP_BINARY, $script], $quoted));

system($cmd);

// Remove the temporary helper so the test directory is left clean.
unlink($script);
?>
--EXPECTF--
string(2) "a\"
string(5) ""a\\""
string(7) "b -c d\"
string(10) ""b -c d\\""
--- ARG INFO ---
array(3) {
  [0]=>
  string(%d) "%sarginfo.php"
  [1]=>
  string(2) "a\"
  [2]=>
  string(7) "b -c d\"
}