From 993942ba544276a959089f9dad7510644fbff7cd Mon Sep 17 00:00:00 2001
From: Jordi Boggiano
Date: Mon, 29 Feb 2016 14:04:54 +0000
Subject: [PATCH] Escape quotes and backslashes for safety
---
 src/Composer/Plugin/PluginManager.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/Composer/Plugin/PluginManager.php b/src/Composer/Plugin/PluginManager.php
index a0e199f06..e48f0fd1a 100644
--- a/src/Composer/Plugin/PluginManager.php
+++ b/src/Composer/Plugin/PluginManager.php
@@ -172,9 +172,9 @@ class PluginManager
 $path = $classLoader->findFile($class);
 $code = file_get_contents($path);
 $code = preg_replace('{^((?:final\s+)?(?:\s*))class\s+(\S+)}mi', '$1class $2_composer_tmp'.self::$classCounter, $code);
- $code = str_replace('__FILE__', "'$path'", $code);
- $code = str_replace('__DIR__', "'".dirname($path)."'", $code);
- $code = str_replace('__CLASS__', "'$class'", $code);
+ $code = str_replace('__FILE__', "'".str_replace(array('\\', "'"), array('\\\\', "\\'"), $path)."'", $code);
+ $code = str_replace('__DIR__', "'".str_replace(array('\\', "'"), array('\\\\', "\\'"), dirname($path))."'", $code);
+ $code = str_replace('__CLASS__', "'".str_replace(array('\\', "'"), array('\\\\', "\\'"), $class)."'", $code);
 eval('?>'.$code);
 $class .= '_composer_tmp'.self::$classCounter;
 self::$classCounter++;
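Review bot: The same hand-written escaping expression is repeated on each of the three added lines (`__FILE__`, `__DIR__`, `__CLASS__`), and every result is spliced into source that goes straight to `eval`, so a later edit that touches one copy but not the others would reopen the quoting problem for that constant. `var_export($value, true)` emits a correctly quoted PHP string literal in one call, e.g. `$code = str_replace('__FILE__', var_export($path, true), $code);`, with the same form for `dirname($path)` and `$class`. Separately, the context lines pass the result of `findFile()` to `file_get_contents()` without checking either return value; that predates this commit but a guard before the `eval` would be worth adding. The enclosing method starts and ends outside the hunk.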