From 2fc449004986ad078c7aabd3e42ee0063f46c470 Mon Sep 17 00:00:00 2001 From: Tim Starling Date: Mon, 6 Feb 2006 23:50:45 +0000 Subject: [PATCH] Proper windows escaping in wfEscapeShellArg() --- includes/GlobalFunctions.php | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php index 7a46e5a301..f5e6486ac2 100644 --- a/includes/GlobalFunctions.php +++ b/includes/GlobalFunctions.php @@ -956,7 +956,28 @@ function wfEscapeShellArg( ) { } if ( wfIsWindows() ) { - $retVal .= '"' . str_replace( '"','\"', $arg ) . '"'; + // Escaping for an MSVC-style command line parser + // Ref: http://mailman.lyra.org/pipermail/scite-interest/2002-March/000436.html + // Double the backslashes before any double quotes. Escape the double quotes. + $tokens = preg_split( '/(\\\\*")/', $arg, -1, PREG_SPLIT_DELIM_CAPTURE ); + $arg = ''; + $delim = false; + foreach ( $tokens as $token ) { + if ( $delim ) { + $arg .= str_replace( '\\', '\\\\', substr( $token, 0, -1 ) ) . '\\"'; + } else { + $arg .= $token; + } + $delim = !$delim; + } + // Double the backslashes before the end of the string, because + // we will soon add a quote + if ( preg_match( '/^(.*?)(\\\\+)$/', $arg, $m ) ) { + $arg = $m[1] . str_replace( '\\', '\\\\', $m[2] ); + } + + // Add surrounding quotes + $retVal .= '"' . $arg . '"'; } else { $retVal .= escapeshellarg( $arg ); } -- 2.20.1