Project

General

Profile

Actions
Copy link

Bug #14429

closed

Overzealous escaping of + in Shellwords

Added by woodruffw (William Woodruff) about 6 years ago. Updated over 4 years ago.

Status:
Closed
Assignee:
knu (Akinori MUSHA)
Target version:
-
ruby -v:
ruby 2.4.3p205 (2017-12-14 revision 61247) [x86_64-linux-gnu]
Backport:
2.3: UNKNOWN, 2.4: UNKNOWN, 2.5: UNKNOWN
[ruby-core:85316]

Description

The Shellwords module is currently a little too conservative: + isn't a token in Bourne sh1, but Shellwords escapes it anyways.

Actual:

>> Shellwords.escape 'foo+bar' #=> "foo\\+bar"

Expected:

>> Shellwords.escape 'foo+bar' #=> "foo+bar"

I'm reporting this on ruby 2.4.3, but it looks like ruby-trunk is also affected2.

Files

shellwords-plus.patch (1.45 KB) shellwords-plus.patch jeremyevans0 (Jeremy Evans), 06/20/2019 08:26 PM
Actions
Copy link
 #1 [ruby-core:87010]

Updated by woodruffw (William Woodruff) almost 6 years ago

Ping (and confirming that this is still the case on 2.5.1p57).

Actions
Copy link
 #2 [ruby-core:93290]

Updated by jeremyevans0 (Jeremy Evans) almost 5 years ago

While the current code is not really a bug (Shellwords.escape does not guarantee to only escape when required), I agree it makes sense not to escape +. From what I read, in addition to Bourne sh, neither bash nor ksh require escaping +. Attached is a patch that removes the escaping.

Actions
Copy link
 #3

Updated by jeremyevans (Jeremy Evans) over 4 years ago

  • Status changed from Assigned to Closed

Applied in changeset git|43a16c98df392e726040f0331a3e09d00c53d513.

Do not escape + in Shellwords.escape

  • is not a character that requires escaping in Bourne sh.

Fixes [Bug #14429]

Actions
Copy link

Also available in: Atom PDF

Like0
Like0Like0Like0