From f5e86ce7ccc8e0c0d7df2f38b6ce7756b6f55e2c Mon Sep 17 00:00:00 2001
From: Julian Ecknig
Date: Thu, 19 May 2016 14:41:24 +0200
Subject: [PATCH] Correctly escape strings for use in executed code

Replace addcslashes(... , "'") by addcslashes(..., "'\\") everywhere in PHPSandbox.php. This resolves #5.
---
 src/PHPSandbox.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/PHPSandbox.php b/src/PHPSandbox.php
index 7619aee..fbf5fee 100644
--- a/src/PHPSandbox.php
+++ b/src/PHPSandbox.php
@@ -6484,7 +6484,7 @@ protected function prepareVars(){
 } else if(is_float($value)){
 $output[] = '$' . $name . ' = ' . ($value ? $value : '0.0');
 } else if(is_string($value)){
- $output[] = '$' . $name . " = '" . addcslashes($value, "'") . "'";
+ $output[] = '$' . $name . " = '" . addcslashes($value, "'\\") . "'";
 } else {
 $output[] = '$' . $name . " = null";
 }
@@ -6508,7 +6508,7 @@ protected function prepareConsts(){
 } else if(is_float($value)){
 $output[] = '\define(' . "'" . $name . "', " . ($value ? $value : '0.0') . ');';
 } else if(is_string($value)){
- $output[] = '\define(' . "'" . $name . "', '" . addcslashes($value, "'") . "');";
+ $output[] = '\define(' . "'" . $name . "', '" . addcslashes($value, "'\\") . "');";
 } else {
 $output[] = '\define(' . "'" . $name . "', null);";
 }
@@ -7123,4 +7123,4 @@ public function __call($method, $arguments){
 trigger_error('Fatal error: Call to undefined method PHPSandbox::' . $method, E_ERROR);
 return null;
 }
- }
\ No newline at end of file
+ }
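Review bot: The `+` line in the prepareVars hunk now escapes `$value` completely for a single-quoted literal (only `'` and `\` are special there), but `$name` is still concatenated into the generated statement raw, so a name containing whitespace, `=`, `;` or a quote changes the statement instead of being quoted; the `+` line in the prepareConsts hunk has the same gap, and there the name sits inside a single-quoted literal where a `'` or `\` terminates it. Unless names are already restricted where they are registered (not visible in this patch), validating them against the PHP identifier syntax before the branch chain keeps the emitted code well-formed, e.g. `if (!preg_match('/^[a-zA-Z_\x80-\xff][a-zA-Z0-9_\x80-\xff]*$/', $name)) { throw new \InvalidArgumentException('Invalid identifier: ' . $name); }`. A short comment on each rewritten line, such as `// single-quoted literal: only ' and \ need escaping`, would also record why the character list is exactly these two. Both prepareVars and prepareConsts begin before their hunks, so the loop that supplies `$name` and `$value` is outside this view.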