Project

General

Profile

Bug #14429

Overzealous escaping of + in Shellwords

Added by woodruffw (William Woodruff) over 1 year ago. Updated 18 days ago.

Status:
Closed
Priority:
Normal
Target version:
-
ruby -v:
ruby 2.4.3p205 (2017-12-14 revision 61247) [x86_64-linux-gnu]
[ruby-core:85316]

Description

The Shellwords module is currently a little too conservative: + isn't a token in Bourne sh1, but Shellwords escapes it anyways.

Actual:

>> Shellwords.escape 'foo+bar' #=> "foo\\+bar"

Expected:

>> Shellwords.escape 'foo+bar' #=> "foo+bar"

I'm reporting this on ruby 2.4.3, but it looks like ruby-trunk is also affected2.


Files

shellwords-plus.patch (1.45 KB) shellwords-plus.patch jeremyevans0 (Jeremy Evans), 06/20/2019 08:26 PM

Associated revisions

Revision 43a16c98
Added by jeremyevans (Jeremy Evans) 18 days ago

Do not escape + in Shellwords.escape

  • is not a character that requires escaping in Bourne sh.

Fixes [Bug #14429]

History

Updated by woodruffw (William Woodruff) over 1 year ago

Ping (and confirming that this is still the case on 2.5.1p57).

Updated by jeremyevans0 (Jeremy Evans) 4 months ago

While the current code is not really a bug (Shellwords.escape does not guarantee to only escape when required), I agree it makes sense not to escape +. From what I read, in addition to Bourne sh, neither bash nor ksh require escaping +. Attached is a patch that removes the escaping.

#3

Updated by jeremyevans (Jeremy Evans) 18 days ago

  • Status changed from Assigned to Closed

Applied in changeset git|43a16c98df392e726040f0331a3e09d00c53d513.


Do not escape + in Shellwords.escape

  • is not a character that requires escaping in Bourne sh.

Fixes [Bug #14429]

Also available in: Atom PDF