Symfony version(s) affected: 2.8-4.3

Description

Symfony\Component\Console\Input\StringInput doesn't work with arguments escaped by escapeshellarg.

escapeshellarg on a string with single quotes will produce a closing single quote, an escaped single quote and an opening single quote:

$arg = 'Jenny\'s';
print($arg . PHP_EOL);
// Jenny's
print(escapeshellarg($arg) . PHP_EOL);
// Jenny'\''s

This is correct as per bash documentation: https://www.gnu.org/savannah-checkouts/gnu/bash/manual/bash.html#Single-Quotes

A single quote may not occur between single quotes, even when preceded by a backslash.

But this breaks StringInput as it breaks up the string in multiple tokens.

How to reproduce

$arg = escapeshellarg('Jenny\'s');
$cmd = 'command --arg=' . $arg;

var_dump($cmd);
var_dump(StringInput::tokenize($cmd));

Output:

string(26) "command --arg='Jenny'\''s'"
string(26) "command --arg='Jenny'\''s'"
array(4) {
  [0]=>
  string(7) "command"
  [1]=>
  string(11) "--arg=Jenny"
  [2]=>
  string(1) "\"
  [3]=>
  string(1) "s"
}

Possible Solution

StringInput should handle escaped characters outside of single quotes part of the string.