Escape potentially problematic shell arguments (#4)

All three of these arguments take input, two of them take user-crafted input, and two of the arguments pose problems for the ZSH parser, which mistakes them for associate arrays.
jparise · Oct 26, 2021 · 545210f · 545210f
1 parent d5c0571
commit 545210f
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/autoload/phabricator.vim b/autoload/phabricator.vim
@@ -97,11 +97,11 @@ function! s:request(method, order, query) abort
   let args = ['-q', '--silent']
   call extend(args, ['-H', 'Accept: application/json'])
   call extend(args, ['-A', 'vim-phabricator'])
-  call extend(args, ['-d', 'api.token=' . token])
+  call extend(args, ['-d', shellescape('api.token=' . token)])
   call extend(args, ['-d', 'queryKey=active'])
-  call extend(args, ['-d', 'order[0]=' . a:order])
+  call extend(args, ['-d', shellescape('order[0]=' . a:order)])
   if !empty(a:query)
-    call extend(args, ['-d', 'constraints[query]=core%3A~"' . a:query . '"'])
+    call extend(args, ['-d', shellescape('constraints[query]=core%3A~"' . a:query . '"')])
   endif
   call add(args, api_root . a:method)