From fe9c230b7fdb2e1560449a553def0f7002a1cdd9 Mon Sep 17 00:00:00 2001
From: Daniel Colascione <dan.colascione@gmail.com>
Date: Tue, 26 Apr 2011 21:19:15 -0700
Subject: [PATCH] * cmdproxy.c (try_dequote_cmdline): Notice variable
 substitutions in quoted strings and bail out.

---
 nt/ChangeLog  |  5 +++++
 nt/cmdproxy.c | 18 ++++++++++++++----
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/nt/ChangeLog b/nt/ChangeLog
index 2d6f8b61e19..0d03d508557 100644
--- a/nt/ChangeLog
+++ b/nt/ChangeLog
@@ -1,3 +1,8 @@
+2011-04-27  Daniel Colascione  <dan.colascione@gmail.com>
+
+	* cmdproxy.c (try_dequote_cmdline): Notice variable substitutions
+	inside quotation marks and bail out.
+
 2011-04-26  Daniel Colascione <dan.colascione@gmail.com>
 
 	* cmdproxy.c (try_dequote_cmdline): New function.
diff --git a/nt/cmdproxy.c b/nt/cmdproxy.c
index fe128fd17c4..8c39694decc 100644
--- a/nt/cmdproxy.c
+++ b/nt/cmdproxy.c
@@ -362,10 +362,20 @@ try_dequote_cmdline (char* cmdline)
           state = NORMAL;
           break;
         case INSIDE_QUOTE:
-          *new_pos++ = c;
-          if (c == '"')
-            state = NORMAL;
-          
+          switch (c)
+            {
+            case '"':
+              *new_pos++ = c;
+              state = NORMAL;
+              break;
+            case '%':
+            case '!':
+              /* Variable substitution inside quote.  Bail out.  */
+              return 0;
+            default:
+              *new_pos++ = c;
+              break;
+            }
           break;
         }
     }
-- 
2.11.4.GIT