From d3f4340a460a023656151f220f5923ec8ccf9894 Mon Sep 17 00:00:00 2001
From: Tavian Barnes <tavianator@tavianator.com>
Date: Fri, 16 Jun 2023 13:44:06 -0400
Subject: bfstd: New wordesc() function to shell-escape strings

---
 src/bfstd.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 src/bfstd.h | 13 +++++++++++++
 2 files changed, 59 insertions(+)

(limited to 'src')

diff --git a/src/bfstd.c b/src/bfstd.c
index 4e1175f..cfff426 100644
--- a/src/bfstd.c
+++ b/src/bfstd.c
@@ -544,3 +544,49 @@ size_t xstrwidth(const char *str) {
 
 	return ret;
 }
+
+char *wordesc(const char *str) {
+	size_t len = strlen(str);
+
+	if (strcspn(str, "|&;<>()$`\\\"' \t\n*?[#˜=%") == len) {
+		// Whole string is safe
+		// https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_02
+		if (len > 0) {
+			return strdup(str);
+		} else {
+			return strdup("\"\"");
+		}
+	} else if (strcspn(str, "`$\\\"") == len) {
+		// Safe to double-quote the whole string
+		// https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_02_03
+		char *ret = malloc(len + 3);
+		if (!ret) {
+			return NULL;
+		}
+
+		char *cur = stpcpy(ret, "\"");
+		cur = stpcpy(cur, str);
+		cur = stpcpy(cur, "\"");
+		return ret;
+	}
+
+	// Every ' is replaced with '\'', so at most a 3x growth
+	char *ret = malloc(3 * len + 3);
+	if (!ret) {
+		return NULL;
+	}
+
+	char *cur = stpcpy(ret, "'");
+	while (*str) {
+		size_t chunk = strcspn(str, "'");
+		cur = stpncpy(cur, str, chunk);
+		str += chunk;
+		if (*str) {
+			cur = stpcpy(cur, "'\\''");
+			++str;
+		}
+	}
+	cur = stpcpy(cur, "'");
+
+	return ret;
+}
diff --git a/src/bfstd.h b/src/bfstd.h
index ee4cf16..750847e 100644
--- a/src/bfstd.h
+++ b/src/bfstd.h
@@ -277,4 +277,17 @@ int xstrtofflags(const char **str, unsigned long long *set, unsigned long long *
  */
 size_t xstrwidth(const char *str);
 
+// #include <wordexp.h>
+
+/**
+ * Escape a string as a single shell word.
+ *
+ * @param str
+ *         The string to escape.
+ * @return
+ *         A string that a shell would evaluate to str, dynamically allocated,
+ *         or NULL on failure.
+ */
+char *wordesc(const char *str);
+
 #endif // BFS_BFSTD_H
-- 
cgit v1.2.3