From 202701c391c8220b31fc6c9da6eaf5fea20b1f94 Mon Sep 17 00:00:00 2001
From: Gordon Franke
Date: Thu, 9 Jan 2014 13:12:10 +0100
Subject: [PATCH] Escape env value before passing it to system call
---
 src/Composer/Command/ConfigCommand.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Composer/Command/ConfigCommand.php b/src/Composer/Command/ConfigCommand.php
index 629cb7fec..89aa072ba 100644
--- a/src/Composer/Command/ConfigCommand.php
+++ b/src/Composer/Command/ConfigCommand.php
@@ -132,7 +132,7 @@ EOT
 {
 // Open file in editor
 if ($input->getOption('editor')) {
- $editor = getenv('EDITOR');
+ $editor = escapeshellcmd(getenv('EDITOR'));
 if (!$editor) {
 if (defined('PHP_WINDOWS_VERSION_BUILD')) {
 $editor = 'notepad';
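Review bot: `escapeshellcmd()` on the added line only neutralises shell metacharacters in `EDITOR`; it leaves spaces alone, so the value can still carry extra arguments, and it is called even when `getenv()` returns `false` for an unset variable. Making the unset case explicit keeps the `!$editor` fallback independent of type coercion: `$editor = getenv('EDITOR'); $editor = $editor === false ? '' : escapeshellcmd($editor);`. A short comment would also help the next reader, e.g. `// escapeshellcmd() stops command chaining only; arguments inside EDITOR still pass through`. The call that actually launches the editor lies outside this hunk, so it cannot be checked here whether the file path appended to the command is wrapped in `escapeshellarg()`; that is worth confirming alongside this change. The enclosing method begins and ends outside the hunk.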