From edd93a6a64664e7baae3a61ab1ade904a68beff9 Mon Sep 17 00:00:00 2001
From: Paul Higinbotham <paulhi@microsoft.com>
Date: Tue, 15 Sep 2020 13:51:15 -0700
Subject: [PATCH] Fix code injection bug

---
 src/PowerShellGet/private/functions/Ping-Endpoint.ps1 | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/PowerShellGet/private/functions/Ping-Endpoint.ps1 b/src/PowerShellGet/private/functions/Ping-Endpoint.ps1
index 88216e86..2096cb08 100644
--- a/src/PowerShellGet/private/functions/Ping-Endpoint.ps1
+++ b/src/PowerShellGet/private/functions/Ping-Endpoint.ps1
@@ -77,12 +77,14 @@ function Ping-Endpoint
         $iss.formats.clear()
         $iss.LanguageMode = "FullLanguage"
 
+        $EndPoint = [System.Management.Automation.Language.CodeGeneration]::EscapeSingleQuotedStringContent($EndPoint)
+
         $WebRequestcmd =  @'
             param($Credential, $WebProxy)
 
             try
             {{
-                $request = [System.Net.WebRequest]::Create("{0}")
+                $request = [System.Net.WebRequest]::Create('{0}')
                 $request.Method = 'GET'
                 $request.Timeout = 30000
                 if($Credential)