From 545210fd081596237892c0b367fe3f4d808d15ec Mon Sep 17 00:00:00 2001
From: "C. Morgan Hamill"
Date: Mon, 25 Oct 2021 19:37:35 -0700
Subject: [PATCH] Escape potentially problematic shell arguments (#4)

All three of these arguments take input, two of them take user-crafted input, and two of the arguments pose problems for the ZSH parser, which mistakes them for associate arrays.
---
 autoload/phabricator.vim | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/autoload/phabricator.vim b/autoload/phabricator.vim
index 7cf3525..ac01a26 100644
--- a/autoload/phabricator.vim
+++ b/autoload/phabricator.vim
@@ -97,11 +97,11 @@ function! s:request(method, order, query) abort
 let args = ['-q', '--silent']
 call extend(args, ['-H', 'Accept: application/json'])
 call extend(args, ['-A', 'vim-phabricator'])
- call extend(args, ['-d', 'api.token=' . token])
+ call extend(args, ['-d', shellescape('api.token=' . token)])
 call extend(args, ['-d', 'queryKey=active'])
- call extend(args, ['-d', 'order[0]=' . a:order])
+ call extend(args, ['-d', shellescape('order[0]=' . a:order)])
 if !empty(a:query)
- call extend(args, ['-d', 'constraints[query]=core%3A~"' . a:query . '"'])
+ call extend(args, ['-d', shellescape('constraints[query]=core%3A~"' . a:query . '"')])
 endif
 call add(args, api_root . a:method)
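Review bot: `call add(args, api_root . a:method)` and the `'Accept: application/json'` header still go into `args` unescaped, so escaping three `-d` values one by one leaves the rest of the list exposed to shell parsing if `args` is later joined into a command string (that call is outside the hunk, as are the start and end of `s:request`). Quoting every element once at the point where the command is built, for example `join(map(copy(args), 'shellescape(v:val)'), ' ')`, would cover all of them and rule out double quoting should that site already escape. Independently of the shell, `-d` posts its value as given, so an `&` in `a:query` or `a:order` would presumably be read by the server as an extra form field; `--data-urlencode` is the curl option meant for that, with the literal `%3A` then written as `:`. The API token also stays on curl's command line, where other local processes can read it; passing it through `-d @-` with the data on stdin would keep it out of the process list.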