symfony · nicolas-grekas · Dec 11, 2018 · Dec 11, 2018 · stof · Dec 11, 2018
diff --git a/composer.json b/composer.json
@@ -15,7 +15,8 @@
     },
     "require-dev": {
         "composer/composer": "^1.0.2",
-        "symfony/phpunit-bridge": "^3.4.19|^4.1.8"
+        "symfony/phpunit-bridge": "^3.4.19|^4.1.8",
+        "symfony/process": "^2.8"
     },
     "autoload": {
         "psr-4": {

diff --git a/src/ScriptExecutor.php b/src/ScriptExecutor.php
@@ -19,6 +19,7 @@
 use Symfony\Component\Console\Output\OutputInterface;
 use Symfony\Component\Console\Output\StreamOutput;
 use Symfony\Component\Process\PhpExecutableFinder;
+use Symfony\Component\Process\ProcessUtils;
 
 /**
  * @author Fabien Potencier <[email protected]>
@@ -99,7 +100,7 @@ private function expandSymfonyCmd(string $cmd)
             return null;
         }
 
-        $console = escapeshellarg($this->options->get('bin-dir').'/console');
+        $console = ProcessUtils::escapeArgument($this->options->get('bin-dir').'/console');
         if ($this->io->isDecorated()) {
             $console .= ' --ansi';
         }
@@ -127,8 +128,8 @@ private function expandPhpScript(string $cmd): string
             $arguments[] = '--php-ini='.$ini;
         }
 
-        $phpArgs = implode(' ', array_map('escapeshellarg', $arguments));
+        $phpArgs = implode(' ', array_map([ProcessUtils::class, 'escapeArgument'], $arguments));
 
-        return escapeshellarg($php).($phpArgs ? ' '.$phpArgs : '').' '.$cmd;
+        return ProcessUtils::escapeArgument($php).($phpArgs ? ' '.$phpArgs : '').' '.$cmd;
     }
 }