|
| 1 | +From 33523981f61acf8e2a389f90031c6524576a18d9 Mon Sep 17 00:00:00 2001 |
| 2 | +From: AllSpark <allspark@microsoft.com> |
| 3 | +Date: Fri, 1 May 2026 17:09:03 +0000 |
| 4 | +Subject: [PATCH] Remove control characters when quoting args |
| 5 | + |
| 6 | +Using these characters can lead to unexpected results. |
| 7 | + |
| 8 | +Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> |
| 9 | +Upstream-reference: AI Backport of https://invent.kde.org/frameworks/kcoreaddons/-/commit/6153c9ae025fa570174bb4a143df38fa2f46606b.patch |
| 10 | +--- |
| 11 | + autotests/kshelltest.cpp | 10 +++++++++- |
| 12 | + src/lib/util/kshell_unix.cpp | 15 ++++++++++----- |
| 13 | + 2 files changed, 19 insertions(+), 6 deletions(-) |
| 14 | + |
| 15 | +diff --git a/autotests/kshelltest.cpp b/autotests/kshelltest.cpp |
| 16 | +index e08bb91..afed14d 100644 |
| 17 | +--- a/autotests/kshelltest.cpp |
| 18 | ++++ b/autotests/kshelltest.cpp |
| 19 | +@@ -78,6 +78,14 @@ void KShellTest::quoteArg() |
| 20 | + QCOMPARE(KShell::quoteArg(QStringLiteral("a % space")), QStringLiteral("\"a %PERCENT_SIGN% space\"")); |
| 21 | + #else |
| 22 | + QCOMPARE(KShell::quoteArg(QStringLiteral("a space")), QStringLiteral("'a space'")); |
| 23 | ++ QCOMPARE(KShell::quoteArg(QStringLiteral("a\x01")), QStringLiteral("a")); |
| 24 | ++ QCOMPARE(KShell::quoteArg(QStringLiteral("\x01")), QStringLiteral("''")); |
| 25 | ++ QCOMPARE(KShell::quoteArg(QStringLiteral("a\x02")), QStringLiteral("a")); |
| 26 | ++ QCOMPARE(KShell::quoteArg(QStringLiteral("a\x7f")), QStringLiteral("a")); |
| 27 | ++ QCOMPARE(KShell::quoteArg(QStringLiteral("🫠")), QStringLiteral("🫠")); |
| 28 | ++ QCOMPARE(KShell::quoteArg(QStringLiteral("👩👩👧👦")), QStringLiteral("👩👩👧👦")); |
| 29 | ++ QCOMPARE(KShell::quoteArg(QStringLiteral("ひらがな")), QStringLiteral("ひらがな")); |
| 30 | ++ QCOMPARE(KShell::quoteArg(QStringLiteral("ひらがな\x1")), QStringLiteral("ひらがな")); |
| 31 | + #endif |
| 32 | + } |
| 33 | + |
| 34 | +@@ -123,7 +131,7 @@ void KShellTest::splitJoin() |
| 35 | + QVERIFY(err == KShell::NoError); |
| 36 | + #else |
| 37 | + QCOMPARE(sj(QString::fromUtf8("\"~qU4rK\" 'text' 'jo'\"jo\" $'crap' $'\\\\\\'\\e\\x21' ha\\ lo \\a"), KShell::NoOptions, &err), |
| 38 | +- QString::fromUtf8("'~qU4rK' text jojo crap '\\'\\''\x1b!' 'ha lo' a")); |
| 39 | ++ QString::fromUtf8("'~qU4rK' text jojo crap '\\'\\''!' 'ha lo' a")); |
| 40 | + QVERIFY(err == KShell::NoError); |
| 41 | + |
| 42 | + QCOMPARE(sj(QStringLiteral("\"~qU4rK\" 'text'"), KShell::TildeExpand, &err), QStringLiteral("'~qU4rK' text")); |
| 43 | +diff --git a/src/lib/util/kshell_unix.cpp b/src/lib/util/kshell_unix.cpp |
| 44 | +index 616c7c1..61c0aad 100644 |
| 45 | +--- a/src/lib/util/kshell_unix.cpp |
| 46 | ++++ b/src/lib/util/kshell_unix.cpp |
| 47 | +@@ -294,14 +294,19 @@ inline static bool isSpecial(QChar cUnicode) |
| 48 | + |
| 49 | + QString KShell::quoteArg(const QString &arg) |
| 50 | + { |
| 51 | +- if (!arg.length()) { |
| 52 | ++ auto quoted = arg; |
| 53 | ++ quoted.removeIf([](const QChar &input) { |
| 54 | ++ return input.category() == QChar::Other_Control; |
| 55 | ++ }); |
| 56 | ++ if (quoted.isEmpty()) { |
| 57 | + return QStringLiteral("''"); |
| 58 | + } |
| 59 | +- for (int i = 0; i < arg.length(); i++) { |
| 60 | +- if (isSpecial(arg.unicode()[i])) { |
| 61 | ++ |
| 62 | ++ for (int i = 0; i < quoted.length(); i++) { |
| 63 | ++ if (isSpecial(quoted.unicode()[i])) { |
| 64 | + QChar q(QLatin1Char('\'')); |
| 65 | +- return q + QString(arg).replace(q, QLatin1String("'\\''")) + q; |
| 66 | ++ return q + QString(quoted).replace(q, QLatin1String("'\\''")) + q; |
| 67 | + } |
| 68 | + } |
| 69 | +- return arg; |
| 70 | ++ return quoted; |
| 71 | + } |
| 72 | +-- |
| 73 | +2.45.4 |
| 74 | + |
0 commit comments