James McCoy wrote on Sat, 15 Feb 2020 13:10 -0500:
> Well, that makes this more involved... I guess the simplest option is to
> do our own scan of the string and pre-escape any whitespace before
> having apr_pescape_shell() handle the rest.
If we did that, apr_pescape_shell() would re-escape the backslashes or
quotes we'd escape spaces with.
We could split on whitespace, apr_pescape_shell() each part, then join
them back together.
On POSIX systems we could also do single-quote escaping by hand:
const char *escape(const char *s, apr_pool_t *result_pool)
{
svn_stringbuf_t *buf = svn_stringbuf_create_ensure(2 + 4 * strlen(s),
result_pool);
svn_stringbuf_appendbyte(buf, '\'');
for (const char *i = s; *i; ++i)
if (**i == '\'')
svn_stringbuf_appendcstr(buf, "'\\''");
else
svn_stringbuf_appendbyte(buf, *i);
svn_stringbuf_appendbyte(buf, '\'');
return buf->data;
}
... but then I'm not sure what to do for Windows.
We should probably propose to APR to add an API doing the kind of
escaping we need here. We'll still have to carry our own implementation
so long as we support building with versions of APR that don't have
that API, of course.
Cheers,
Daniel
