
D10249.id24659.diff
No OneTemporary

D10249.id24659.diff

diff --git a/src/xsprintf/PhutilCommandString.php b/src/xsprintf/PhutilCommandString.php
--- a/src/xsprintf/PhutilCommandString.php
+++ b/src/xsprintf/PhutilCommandString.php
@@ -3,6 +3,7 @@
final class PhutilCommandString extends Phobject {
private $argv;
+ private $powershell = false;
public function __construct(array $argv) {
$this->argv = $argv;
@@ -24,11 +25,17 @@
return $this->renderString(false);
}
+ public function setPowershell($powershell) {
+ $this->powershell = $powershell;
+ return $this;
+ }
+
private function renderString($unmasked) {
return xsprintf(
'xsprintf_command',
array(
'unmasked' => $unmasked,
+ 'powershell' => $this->powershell
),
$this->argv);
}
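Review bot: setPowershell() stores whatever it is given and has no docblock, so the contract of the flag is not stated anywhere in this hunk. I would coerce the value with `$this->powershell = (bool)$powershell;` and add a docblock saying that the flag selects PowerShell escaping for this object's own arguments when it is rendered. Judging from the `instanceof PhutilCommandString` branch in csprintf.php, a nested command string appears to be rendered by its own object and therefore with its own flag. If so, an inner command built without setPowershell() would presumably keep POSIX-style quoting inside a PowerShell command, which is worth confirming and documenting because mixed quoting rules are where escaping gaps come from.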
diff --git a/src/xsprintf/csprintf.php b/src/xsprintf/csprintf.php
--- a/src/xsprintf/csprintf.php
+++ b/src/xsprintf/csprintf.php
@@ -56,6 +56,7 @@
$next = (strlen($pattern) > $pos + 1) ? $pattern[$pos + 1] : null;
$is_unmasked = !empty($userdata['unmasked']);
+ $is_powershell = $userdata['powershell'];
if ($value instanceof PhutilCommandString) {
if ($is_unmasked) {
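Review bot: `$userdata['powershell']` is read without a presence check, unlike the `!empty($userdata['unmasked'])` line directly above it. Any caller that reaches this callback with userdata lacking that key would raise an undefined-index notice instead of falling back to the existing shell escaping. Only PhutilCommandString is updated in this diff, so other callers may be affected. `$is_powershell = !empty($userdata['powershell']);` keeps the old behaviour as the default. The enclosing function starts and ends outside this hunk.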
@@ -102,12 +103,20 @@
case 'R':
if (!preg_match('(^[a-zA-Z0-9:/@._-]+$)', $value)) {
- $value = escapeshellarg($value);
+ if ($is_powershell) {
+ $value = escapepowershell($value);
+ } else {
+ $value = escapeshellarg($value);
+ }
}
$type = 's';
break;
case 's':
- $value = escapeshellarg($value);
+ if ($is_powershell) {
+ $value = escapepowershell($value);
+ } else {
+ $value = escapeshellarg($value);
+ }
$type = 's';
break;
case 'P':
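Review bot: In `case 'R'` the allowlist `(^[a-zA-Z0-9:/@._-]+$)` still decides whether a value is emitted with no quoting at all, and that list was chosen for POSIX shells. As far as I know PowerShell gives `@` and a leading `-` their own meaning in a bare token, so a value that passes the pattern is not necessarily inert there. In PowerShell mode I would skip the shortcut and always quote, for example `if ($is_powershell || !preg_match('(^[a-zA-Z0-9:/@._-]+$)', $value)) {`. The switch statement begins and ends outside this hunk.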
@@ -120,7 +129,11 @@
} else {
$value = 'xxxxx';
}
- $value = escapeshellarg($value);
+ if ($is_powershell) {
+ $value = escapepowershell($value);
+ } else {
+ $value = escapeshellarg($value);
+ }
$type = 's';
break;
case 'C':
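Review bot: The four-line `if ($is_powershell) { ... } else { ... }` branch here is the third copy in this file; it also appears under `case 'R'` and `case 's'` in the previous hunk. Three copies make it easy for one format code to be missed when the escaping rules change, and a missed case means an unescaped or wrongly escaped argument. A single helper that takes `($value, $is_powershell)` and returns the escaped string would keep the cases in step, so each call site becomes one line such as `$value = xsprintf_command_escape($value, $is_powershell);` (the helper name is only a suggestion).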
@@ -130,3 +143,32 @@
$pattern[$pos] = $type;
}
+
+function escapepowershell($value) {
+
+ // These escape sequences are from http://ss64.com/ps/syntax-esc.html
+
+ // Replace backticks first.
+ $value = str_replace('`', '``', $value);
+
+ // Now replace other required notations.
+ $value = str_replace("\0", '`0', $value);
+ $value = str_replace('\a', '`a', $value);
+ $value = str_replace('\b', '`b', $value);
+ $value = str_replace("\f", '`f', $value);
+ $value = str_replace("\n", '`n', $value);
+ $value = str_replace("\r", '`r', $value);
+ $value = str_replace("\t", '`t', $value);
+ $value = str_replace("\v", '`v', $value);
+ $value = str_replace('#', '`#', $value);
+ $value = str_replace("'", '`\'', $value);
+ $value = str_replace('"', '`"', $value);
+
+ // The rule on dollar signs is mentioned further down the page, and
+ // they only need to be escaped when using double quotes (which we are).
+ $value = str_replace('$', '`$', $value);
+
+ return 'escaped powershell command';
+
+ return '"'.$value.'"';
+}
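Review bot: escapepowershell() returns the literal `'escaped powershell command'` before it reaches `return '"'.$value.'"';`, so every argument is replaced by that fixed string and the real return is unreachable. This looks like a debugging leftover, and the early return should be deleted. Separately, `'\a'` and `'\b'` are single-quoted, so they match a backslash followed by a letter rather than the BEL and backspace characters, which would rewrite ordinary Windows paths such as `C:\bin`. PHP has no `\a` or `\b` string escapes, so these two lines should be `str_replace("\x07", '`a', $value)` and `str_replace("\x08", '`b', $value)`. A unit test that checks the output for values containing backticks, `$`, both quote styles and a backslash path would have caught both problems.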
