Follow up r63214, and its revert r69201. The rules were more complex than a

simple "escape all carets", see 63214 CR.
Should help Bug 13518 - <math> does not work (wrong shell escaping under Windows)

diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index f4506c3..ea3bf6e 100644 (file)
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -1415,14 +1415,19 @@ function wfEscapeShellArg( ) {
                        // Double the backslashes before any double quotes. Escape the double quotes.
                        $tokens = preg_split( '/(\\\\*")/', $arg, -1, PREG_SPLIT_DELIM_CAPTURE );
                        $arg = '';
-                       $delim = false;
+                       $iteration = 0;
                        foreach ( $tokens as $token ) {
-                               if ( $delim ) {
+                               if ( $iteration % 2 == 1 ) {
+                                       // Delimiter, a double quote preceded by zero or more slashes
                                        $arg .= str_replace( '\\', '\\\\', substr( $token, 0, -1 ) ) . '\\"';
-                               } else {
+                               } else if ( $iteration % 4 == 2 ) {
+                                       // ^ in $token will be outside quotes, need to be escaped
+                                       $arg .= str_replace( '^', '^^', $token );
+                               } else { // $iteration % 4 == 0
+                                       // ^ in $token will appear inside double quotes, so leave as is
                                        $arg .= $token;
                                }
-                               $delim = !$delim;
+                               $iteration++;
                        }
                        // Double the backslashes before the end of the string, because
                        // we will soon add a quote