Merge remote-tracking branch 'ogresCE/MAGETWO-42038-cron-dos' into PR_Branch

Author: mazhalai

app/code/Magento/Cron/Observer/ProcessCronQueueObserver.php

@@ -148,7 +148,9 @@ public function execute(\Magento\Framework\Event\Observer $observer)
         $jobGroupsRoot = $this->_config->getJobs();
 
         foreach ($jobGroupsRoot as $groupId => $jobsRoot) {
-            if ($this->_request->getParam('group') !== null && $this->_request->getParam('group') != $groupId) {
+            if ($this->_request->getParam('group') !== null
+                && $this->_request->getParam('group') !== '\'' . ($groupId) . '\''
+                && $this->_request->getParam('group') !== $groupId) {
                 continue;
             }
             if (($this->_request->getParam(self::STANDALONE_PROCESS_STARTED) !== '1') && (

pub/cron.php

@@ -11,18 +11,21 @@
 
 require dirname(__DIR__) . '/app/bootstrap.php';
 
-if ($_GET){
-    $opt = $_GET;
-} else {
+if (php_sapi_name() === 'cli'){
     echo "You cannot run this from the command line." . PHP_EOL .
         "Run \"php bin/magento cron:run\" instead." . PHP_EOL;
     exit(1);
+} else {
+    $opt = $_GET;
 }
 
 try {
     if (empty($opt['group'])) {
         $opt['group'] = 'default';
     }
+    foreach ($opt as $key => $value) {
+        $opt[$key] = escapeshellarg($value);
+    }
     $opt['standaloneProcessStarted'] = '0';
     $params = $_SERVER;
     $params[StoreManager::PARAM_RUN_CODE] = 'admin';