From 68d62e670f9ccc24572f110e6c0f2e0643476678 Mon Sep 17 00:00:00 2001
From: Steve Kamerman
Date: Mon, 20 May 2013 22:46:14 -0400
Subject: [PATCH] Sanitize filenames before executing shell_exec
---
 console | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/console b/console
index f62a3aac..4a0c8120 100755
--- a/console
+++ b/console
@@ -16,11 +16,11 @@ define('PHPCI_DIR', dirname(__FILE__) . '/');
 if (!file_exists(PHPCI_DIR . 'vendor/autoload.php') || !file_exists(PHPCI_DIR . 'composer.phar')) {
     print 'INSTALLING: Composer' . PHP_EOL;
     file_put_contents(PHPCI_DIR . 'composerinstaller.php', file_get_contents('https://getcomposer.org/installer'));
-    shell_exec('php ' . PHPCI_DIR . 'composerinstaller.php');
+    shell_exec('php ' . escapeshellarg(PHPCI_DIR . 'composerinstaller.php'));
     unlink(PHPCI_DIR . 'composerinstaller.php');
     print 'RUNNING: Composer' . PHP_EOL;
-    shell_exec('php '.PHPCI_DIR.'composer.phar install');
+    shell_exec('php '.escapeshellarg(PHPCI_DIR.'composer.phar').' install');
 }
 require('bootstrap.php');
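Review bot: The installer fetched by `file_get_contents('https://getcomposer.org/installer')` on the context line just above the first changed line is still written to disk and handed to `shell_exec` without any check that the download succeeded or that its content is what getcomposer.org published; `escapeshellarg` hardens the path argument but not the code that ends up being executed. If the request fails, `file_get_contents` returns false, an empty `composerinstaller.php` is written and run silently, and on PHP releases before 5.6 the `https://` stream wrapper does not verify the peer certificate by default, so the URL scheme alone does not authenticate the payload. The return values of both `shell_exec` calls are also discarded, so a failed install still falls through to `require('bootstrap.php')`. I would keep the download in a variable, abort on false, compare its SHA-384 against the checksum published for the installer before writing it, and surface an install failure instead of continuing.
```php
    $installer = file_get_contents('https://getcomposer.org/installer');
    if ($installer === false) {
        fwrite(STDERR, 'ERROR: could not download the Composer installer' . PHP_EOL);
        exit(1);
    }
    // Pin the installer to its published checksum; replace the placeholder with the value from getcomposer.org.
    if (hash('sha384', $installer) !== '<EXPECTED_INSTALLER_SHA384>') {
        fwrite(STDERR, 'ERROR: Composer installer checksum mismatch' . PHP_EOL);
        exit(1);
    }
    file_put_contents(PHPCI_DIR . 'composerinstaller.php', $installer);
    // … unchanged: shell_exec of the installer, unlink, composer install …
```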