MAGETWO-70037: Add additional validation for console command

Author: StasKozar

dev/tests/functional/utils/command.php

@@ -14,8 +14,10 @@
 
 if (isset($_GET['command'])) {
     $command = urldecode($_GET['command']);
-    if (in_array(explode(' ', $command)[0], $commandList)) {
-        exec('php -f ../../../../bin/magento ' . $command);
+    if (!strpos($command, '&&') && !strpos($command, ';')) {
+        if (in_array(explode(' ', $command)[0], $commandList)) {
+            exec('php -f ../../../../bin/magento ' . $command);
+        }
     }
 } else {
     throw new \InvalidArgumentException("Command GET parameter is not set.");