1--TEST--
2Bug #69646 OS command injection vulnerability in escapeshellarg()
3--SKIPIF--
4<?php
5if( substr(PHP_OS, 0, 3) != "WIN" )
6  die("skip.. Windows only");
7?>
8--FILE--
9<?php
10
11$a = 'a\\';
12$b = 'b -c d\\';
13var_dump( $a, escapeshellarg($a) );
14var_dump( $b, escapeshellarg($b) );
15
16$helper_script = <<<SCRIPT
17<?php
18
19print( "--- ARG INFO ---\n" );
20var_dump( \$argv );
21
22SCRIPT;
23
24$script = dirname(__FILE__) . DIRECTORY_SEPARATOR . "arginfo.php";
25file_put_contents($script, $helper_script);
26
27$cmd =  PHP_BINARY . " " . $script . " "  . escapeshellarg($a) . " " . escapeshellarg($b);
28
29system($cmd);
30
31unlink($script);
32?>
33--EXPECTF--
34string(2) "a\"
35string(5) ""a\\""
36string(7) "b -c d\"
37string(10) ""b -c d\\""
38--- ARG INFO ---
39array(3) {
40  [0]=>
41  string(%d) "%sarginfo.php"
42  [1]=>
43  string(2) "a\"
44  [2]=>
45  string(7) "b -c d\"
46}
47