actions/setup-php
1
0
Fork 0
mirror of https://github.com/shivammathur/setup-php.git synced 2026-05-14 17:35:05 +07:00
Code Issues Packages Projects Releases Wiki Activity

GHSA-pqwm-q9pv-ph8r - Fix CWE-78 [skip ci]

Browse Source 
Co-Authored-By: maki <amarrec@quarkslab.com>
This commit is contained in:
Shivam Mathur
2026-05-14 03:56:37 +05:30
parent 6eb42c595e
commit 10e197b409
11 changed files with 237 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
__tests__/config.test.ts
View File

@@ -13,4 +13,17 @@ describe('Config tests', () => {
`('checking addINIValues on $os', async ({ini_values, os, output}) => {
expect(await config.addINIValues(ini_values, os)).toContain(output);
});
it.each`
ini_values | os | output
${'disable_functions="exec,system"'} | ${'linux'} | ${'echo "disable_functions=exec,system" | sudo tee -a "${pecl_file:-${ini_file[@]}}"'}
${'disable_functions="exec,system"'} | ${'win32'} | ${'Add-Content "$php_dir\\php.ini" "disable_functions=exec,system"'}
${'a=$(id)'} | ${'linux'} | ${'echo "a=\'\\$(id)\'"'}
${'a=$(id)'} | ${'win32'} | ${'Add-Content "$php_dir\\php.ini" "a=\'`$(id)\'"'}
`(
'addINIValues survives quoted values and escapes shell metas: $ini_values, $os',
async ({ini_values, os, output}) => {
expect(await config.addINIValues(ini_values, os)).toContain(output);
}
);
});