bug symfony#10448 [2.3][Process] Fix quoted arguments escaping (romainneutron)

fabpot · fabpot · commit fe91a2ca62a0 · 2014-03-14T12:05:38.000+01:00
This PR was merged into the 2.3 branch. Discussion ---------- [2.3][Process] Fix quoted arguments escaping | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | License | MIT This PR replaces symfony#8972 Commits ------- de681cb [Process] Add tests on ProcessUtils::escapeArgument 85fb495 [Process] Fix: Arguments including space and quote are not correctly escaped (win)
diff --git a/src/Symfony/Component/Process/ProcessUtils.php b/src/Symfony/Component/Process/ProcessUtils.php
@@ -46,6 +46,7 @@ public static function escapeArgument($argument)
             }
 
             $escapedArgument = '';
+            $quote =  false;
             foreach (preg_split('/([%"])/i', $argument, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE) as $part) {
                 if ('"' === $part) {
                     $escapedArgument .= '\\"';
@@ -55,9 +56,17 @@ public static function escapeArgument($argument)
                     if ('\\' === substr($part, -1)) {
                         $part .= '\\';
                     }
-                    $escapedArgument .= escapeshellarg($part);
+                    $part = escapeshellarg($part);
+                    if ('"' === $part[0] && '"' === $part[strlen($part) - 1]) {
+                        $part = substr($part, 1, -1);
+                        $quote = true;
+                    }
+                    $escapedArgument .= $part;
                 }
             }
+            if ($quote) {
+                $escapedArgument = '"'.$escapedArgument.'"';
+            }
 
             return $escapedArgument;
         }
diff --git a/src/Symfony/Component/Process/Tests/ProcessUtilsTest.php b/src/Symfony/Component/Process/Tests/ProcessUtilsTest.php
@@ -27,6 +27,7 @@ public function dataArguments()
     {
         if (defined('PHP_WINDOWS_VERSION_BUILD')) {
             return array(
+                array('"\"php\" \"-v\""', '"php" "-v"'),
                 array('"foo bar"', 'foo bar'),
                 array('^%"path"^%', '%path%'),
                 array('"<|>"\\"" "\\""\'f"', '<|>" "\'f'),
@@ -36,6 +37,7 @@ public function dataArguments()
         }
 
         return array(
+            array("'\"php\" \"-v\"'", '"php" "-v"'),
             array("'foo bar'", 'foo bar'),
             array("'%path%'", '%path%'),
             array("'<|>\" \"'\\''f'", '<|>" "\'f'),

Original file line number	Diff line number	Diff line change
`@@ -46,6 +46,7 @@ public static function escapeArgument($argument)`
`46`	`46`	`}`
`47`	`47`
`48`	`48`	`$escapedArgument = '';`
	`49`	`+ $quote = false;`
`49`	`50`	`foreach (preg_split('/([%"])/i', $argument, -1, PREG_SPLIT_NO_EMPTY \| PREG_SPLIT_DELIM_CAPTURE) as $part) {`
`50`	`51`	`if ('"' === $part) {`
`51`	`52`	`$escapedArgument .= '\\"';`
`@@ -55,9 +56,17 @@ public static function escapeArgument($argument)`
`55`	`56`	`if ('\\' === substr($part, -1)) {`
`56`	`57`	`$part .= '\\';`
`57`	`58`	`}`
`58`		`- $escapedArgument .= escapeshellarg($part);`
	`59`	`+ $part = escapeshellarg($part);`
	`60`	`+ if ('"' === $part[0] && '"' === $part[strlen($part) - 1]) {`
	`61`	`+ $part = substr($part, 1, -1);`
	`62`	`+ $quote = true;`
	`63`	`+ }`
	`64`	`+ $escapedArgument .= $part;`
`59`	`65`	`}`
`60`	`66`	`}`
	`67`	`+ if ($quote) {`
	`68`	`+ $escapedArgument = '"'.$escapedArgument.'"';`
	`69`	`+ }`
`61`	`70`
`62`	`71`	`return $escapedArgument;`
`63`	`72`	`}`
Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,7 @@ public function dataArguments()`
`27`	`27`	`{`
`28`	`28`	`if (defined('PHP_WINDOWS_VERSION_BUILD')) {`
`29`	`29`	`return array(`
	`30`	`+ array('"\"php\" \"-v\""', '"php" "-v"'),`
`30`	`31`	`array('"foo bar"', 'foo bar'),`
`31`	`32`	`array('^%"path"^%', '%path%'),`
`32`	`33`	`array('"<\|>"\\"" "\\""\'f"', '<\|>" "\'f'),`
`@@ -36,6 +37,7 @@ public function dataArguments()`
`36`	`37`	`}`
`37`	`38`
`38`	`39`	`return array(`
	`40`	`+ array("'\"php\" \"-v\"'", '"php" "-v"'),`
`39`	`41`	`array("'foo bar'", 'foo bar'),`
`40`	`42`	`array("'%path%'", '%path%'),`
`41`	`43`	`array("'<\|>\" \"'\\''f'", '<\|>" "\'f'),`