From 80367584910885baa1a2a4476a4a31efdcf0c9c0 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Sun, 31 May 2015 22:53:35 -0700
Subject: Fix bug #69646	OS command injection vulnerability in escapeshellarg

---
 ext/standard/exec.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index d6938a4809..d0b1e01e16 100644
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -380,6 +380,14 @@ PHPAPI char *php_escape_shell_arg(char *str)
 		}
 	}
 #ifdef PHP_WIN32
+	if (y > 0 && '\\' == cmd[y - 1]) {
+		int k = 0, n = y - 1;
+		for (; n >= 0 && '\\' == cmd[n]; n--, k++);
+		if (k % 2) {
+			cmd[y++] = '\\';
+		}
+	}
+
 	cmd[y++] = '"';
 #else
 	cmd[y++] = '\'';
-- 
cgit v1.2.1