symfony
diff --git a/‎src/Symfony/Component/Console/Input/ArgvInput.php
Lines changed: 4 additions & 3 deletions b/‎src/Symfony/Component/Console/Input/ArgvInput.php
Lines changed: 4 additions & 3 deletions
diff --git a/‎src/Symfony/Component/Console/Input/ArrayInput.php
Lines changed: 2 additions & 6 deletions b/‎src/Symfony/Component/Console/Input/ArrayInput.php
Lines changed: 2 additions & 6 deletions
diff --git a/‎src/Symfony/Component/Console/Input/Input.php
Lines changed: 10 additions & 0 deletions b/‎src/Symfony/Component/Console/Input/Input.php
Lines changed: 10 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Console/Tests/Input/ArgvInputTest.php
Lines changed: 2 additions & 2 deletions b/‎src/Symfony/Component/Console/Tests/Input/ArgvInputTest.php
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/Symfony/Component/Console/Tests/Input/ArrayInputTest.php
Lines changed: 2 additions & 2 deletions b/‎src/Symfony/Component/Console/Tests/Input/ArrayInputTest.php
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/Symfony/Component/Console/Tests/Input/StringInputTest.php
Lines changed: 3 additions & 3 deletions b/‎src/Symfony/Component/Console/Tests/Input/StringInputTest.php
Lines changed: 3 additions & 3 deletions
@@ -321,9 +321,10 @@ public function getParameterOption($values, $default = false)
     public function __toString()
     {
         $tokens = array_map(function ($token) {
-            $token = addcslashes($token, '"');
-            if (false !== strpos($token, ' ')) {
-                return '"'.$token.'"';
+            if (preg_match('{^(-[^=]+=)(.+)}', $token, $match)) {
+                return $match[1] . $this->escapeToken($match[2]);
+            } elseif ($token && $token[0] !== '-') {
+                return $this->escapeToken($token);
             }
 
             return $token;
 
@@ -119,14 +119,10 @@ public function __toString()
     {
         $params = array();
         foreach ($this->parameters as $param => $val) {
-            $val = addcslashes($val, '"');
-            if (false !== strpos($val, ' ')) {
-                $val = '"'.$val.'"';
-            }
             if ($param && '-' === $param[0]) {
-                $params[] = $param . ('' != $val ? ' '.$val : $val);
+                $params[] = $param . ('' != $val ? '='.$this->escapeToken($val) : '');
             } else {
-                $params[] = $val;
+                $params[] = $this->escapeToken($val);
             }
         }
 
 
@@ -210,4 +210,14 @@ public function hasOption($name)
     {
         return $this->definition->hasOption($name);
     }
+
+    /**
+     * Escapes a token through escapeshellarg if it contains unsafe chars
+     *
+     * @return string
+     */
+    protected function escapeToken($token)
+    {
+        return preg_match('{^[\w-]+$}', $token) ? $token : escapeshellarg($token);
+    }
 }
@@ -260,8 +260,8 @@ public function testToString()
         $input = new ArgvInput(array('cli.php', '-f', 'foo'));
         $this->assertEquals('-f foo', (string) $input);
 
-        $input = new ArgvInput(array('cli.php', '-f', '--bar=foo', 'a b c d'));
-        $this->assertEquals('-f --bar=foo "a b c d"', (string) $input);
+        $input = new ArgvInput(array('cli.php', '-f', '--bar=foo', 'a b c d', "A\nB'C"));
+        $this->assertEquals('-f --bar=foo '.escapeshellarg('a b c d').' '.escapeshellarg("A\nB'C"), (string) $input);
     }
 
     /**
 
@@ -123,7 +123,7 @@ public function provideInvalidInput()
 
     public function testToString()
     {
-        $input = new ArrayInput(array('-f' => null, '-b' => 'bar', '--foo' => 'b a z', '--lala' => null, 'test' => 'Foo'));
-        $this->assertEquals('-f -b bar --foo "b a z" --lala Foo', (string) $input);
+        $input = new ArrayInput(array('-f' => null, '-b' => 'bar', '--foo' => 'b a z', '--lala' => null, 'test' => 'Foo', 'test2' => "A\nB'C"));
+        $this->assertEquals('-f -b=bar --foo='.escapeshellarg('b a z').' --lala Foo '.escapeshellarg("A\nB'C"), (string) $input);
     }
 }
@@ -80,9 +80,9 @@ public function testToString()
         $this->assertEquals('-f foo', (string) $input);
 
         $input = new StringInput('-f --bar=foo "a b c d"');
-        $this->assertEquals('-f --bar=foo "a b c d"', (string) $input);
+        $this->assertEquals('-f --bar=foo '.escapeshellarg('a b c d'), (string) $input);
 
-        $input = new StringInput('-f --bar=foo \'a b c d\'');
-        $this->assertEquals('-f --bar=foo "a b c d"', (string) $input);
+        $input = new StringInput('-f --bar=foo \'a b c d\' '."'A\nB\\'C'");
+        $this->assertEquals('-f --bar=foo '.escapeshellarg('a b c d').' '.escapeshellarg("A\nB'C"), (string) $input);
     }
 }
Original file line number	Diff line number	Diff line change
`@@ -321,9 +321,10 @@ public function getParameterOption($values, $default = false)`
`321`	`321`	`public function __toString()`
`322`	`322`	`{`
`323`	`323`	`$tokens = array_map(function ($token) {`
`324`		`- $token = addcslashes($token, '"');`
`325`		`- if (false !== strpos($token, ' ')) {`
`326`		`- return '"'.$token.'"';`
	`324`	`+ if (preg_match('{^(-[^=]+=)(.+)}', $token, $match)) {`
	`325`	`+ return $match[1] . $this->escapeToken($match[2]);`
	`326`	`+ } elseif ($token && $token[0] !== '-') {`
	`327`	`+ return $this->escapeToken($token);`
`327`	`328`	`}`
`328`	`329`
`329`	`330`	`return $token;`
Original file line number	Diff line number	Diff line change
`@@ -119,14 +119,10 @@ public function __toString()`
`119`	`119`	`{`
`120`	`120`	`$params = array();`
`121`	`121`	`foreach ($this->parameters as $param => $val) {`
`122`		`- $val = addcslashes($val, '"');`
`123`		`- if (false !== strpos($val, ' ')) {`
`124`		`- $val = '"'.$val.'"';`
`125`		`- }`
`126`	`122`	`if ($param && '-' === $param[0]) {`
`127`		`- $params[] = $param . ('' != $val ? ' '.$val : $val);`
	`123`	`+ $params[] = $param . ('' != $val ? '='.$this->escapeToken($val) : '');`
`128`	`124`	`} else {`
`129`		`- $params[] = $val;`
	`125`	`+ $params[] = $this->escapeToken($val);`
`130`	`126`	`}`
`131`	`127`	`}`
`132`	`128`
Original file line number	Diff line number	Diff line change
`@@ -210,4 +210,14 @@ public function hasOption($name)`
`210`	`210`	`{`
`211`	`211`	`return $this->definition->hasOption($name);`
`212`	`212`	`}`
	`213`	`+`
	`214`	`+ /**`
	`215`	`+ * Escapes a token through escapeshellarg if it contains unsafe chars`
	`216`	`+ *`
	`217`	`+ * @return string`
	`218`	`+ */`
	`219`	`+ protected function escapeToken($token)`
	`220`	`+ {`
	`221`	`+ return preg_match('{^[\w-]+$}', $token) ? $token : escapeshellarg($token);`
	`222`	`+ }`
`213`	`223`	`}`
Original file line number	Diff line number	Diff line change
`@@ -260,8 +260,8 @@ public function testToString()`
`260`	`260`	`$input = new ArgvInput(array('cli.php', '-f', 'foo'));`
`261`	`261`	`$this->assertEquals('-f foo', (string) $input);`
`262`	`262`
`263`		`- $input = new ArgvInput(array('cli.php', '-f', '--bar=foo', 'a b c d'));`
`264`		`- $this->assertEquals('-f --bar=foo "a b c d"', (string) $input);`
	`263`	`+ $input = new ArgvInput(array('cli.php', '-f', '--bar=foo', 'a b c d', "A\nB'C"));`
	`264`	`+ $this->assertEquals('-f --bar=foo '.escapeshellarg('a b c d').' '.escapeshellarg("A\nB'C"), (string) $input);`
`265`	`265`	`}`
`266`	`266`
`267`	`267`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -123,7 +123,7 @@ public function provideInvalidInput()`
`123`	`123`
`124`	`124`	`public function testToString()`
`125`	`125`	`{`
`126`		`- $input = new ArrayInput(array('-f' => null, '-b' => 'bar', '--foo' => 'b a z', '--lala' => null, 'test' => 'Foo'));`
`127`		`- $this->assertEquals('-f -b bar --foo "b a z" --lala Foo', (string) $input);`
	`126`	`+ $input = new ArrayInput(array('-f' => null, '-b' => 'bar', '--foo' => 'b a z', '--lala' => null, 'test' => 'Foo', 'test2' => "A\nB'C"));`
	`127`	`+ $this->assertEquals('-f -b=bar --foo='.escapeshellarg('b a z').' --lala Foo '.escapeshellarg("A\nB'C"), (string) $input);`
`128`	`128`	`}`
`129`	`129`	`}`
Original file line number	Diff line number	Diff line change
`@@ -80,9 +80,9 @@ public function testToString()`
`80`	`80`	`$this->assertEquals('-f foo', (string) $input);`
`81`	`81`
`82`	`82`	`$input = new StringInput('-f --bar=foo "a b c d"');`
`83`		`- $this->assertEquals('-f --bar=foo "a b c d"', (string) $input);`
	`83`	`+ $this->assertEquals('-f --bar=foo '.escapeshellarg('a b c d'), (string) $input);`
`84`	`84`
`85`		`- $input = new StringInput('-f --bar=foo \'a b c d\'');`
`86`		`- $this->assertEquals('-f --bar=foo "a b c d"', (string) $input);`
	`85`	`+ $input = new StringInput('-f --bar=foo \'a b c d\' '."'A\nB\\'C'");`
	`86`	`+ $this->assertEquals('-f --bar=foo '.escapeshellarg('a b c d').' '.escapeshellarg("A\nB'C"), (string) $input);`
`87`	`87`	`}`
`88`	`88`	`}`