From 1290a23a7590c4979bd3d8069a486e5dfaa832f4 Mon Sep 17 00:00:00 2001
From: Jonathan Desrosiers <desrosj@users.noreply.github.com>
Date: Tue, 26 Aug 2025 02:07:12 -0400
Subject: [PATCH 1/3] Avoid excessive escaping for the junit.xml path

---
 report.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/report.php b/report.php
index b690f76..599faa0 100644
--- a/report.php
+++ b/report.php
@@ -76,7 +76,7 @@
  * safely used in shell commands.
  */
 log_message('Copying junit.xml results');
-$junit_location = escapeshellarg( $WPT_TEST_DIR ) . '/tests/phpunit/build/logs/*';
+$junit_location = $WPT_TEST_DIR . '/tests/phpunit/build/logs/*';
 
 /**
  * Modifies the junit.xml results file path for a remote location if an SSH connection is available.
@@ -86,7 +86,7 @@
  * remote path to ensure that the junit.xml results can be accessed or copied over SSH.
  */
 if ( ! empty( $WPT_SSH_CONNECT ) ) {
-	$junit_location = '-e "ssh ' . $WPT_SSH_OPTIONS . '" ' . escapeshellarg( $WPT_SSH_CONNECT . ':' . $junit_location );
+	$junit_location = '-e "ssh ' . $WPT_SSH_OPTIONS . '" ' . escapeshellarg( $WPT_SSH_CONNECT ) . ':' . escapeshellarg( $junit_location );
 }
 
 /**

From c34f20a75427b0400cafc738dea2e8a59c7dff73 Mon Sep 17 00:00:00 2001
From: Jonathan Desrosiers <desrosj@users.noreply.github.com>
Date: Tue, 26 Aug 2025 02:29:43 -0400
Subject: [PATCH 2/3] Guard against excessive escaping for test commands

---
 test.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/test.php b/test.php
index 18b3f4f..2bff6dd 100644
--- a/test.php
+++ b/test.php
@@ -70,13 +70,15 @@
  * avoid reporting useless tests.
  */
 $WPT_PHPUNIT_CMD = trim( getenv( 'WPT_PHPUNIT_CMD' ) );
-if( empty( $WPT_PHPUNIT_CMD ) ) {
+if ( empty( $WPT_PHPUNIT_CMD ) ) {
 	$WPT_PHPUNIT_CMD = 'cd ' . escapeshellarg( $WPT_TEST_DIR ) . ' && ' . $WPT_PHP_EXECUTABLE . ' ./vendor/phpunit/phpunit/phpunit --dont-report-useless-tests' . $WPT_FLAVOR_TXT . $WPT_EXTRATESTS_TXT;
+} else {
+	$WPT_PHPUNIT_CMD = escapeshellarg( $WPT_PHPUNIT_CMD );
 }
 
 // If an SSH connection string is provided, prepend the SSH command to the PHPUnit execution command.
 if ( ! empty( $WPT_SSH_CONNECT ) ) {
-	$WPT_PHPUNIT_CMD = 'ssh ' . $WPT_SSH_OPTIONS . ' ' . escapeshellarg( $WPT_SSH_CONNECT ) . ' ' . escapeshellarg( $WPT_PHPUNIT_CMD );
+	$WPT_PHPUNIT_CMD = 'ssh ' . $WPT_SSH_OPTIONS . ' ' . escapeshellarg( $WPT_SSH_CONNECT ) . ' ' . $WPT_PHPUNIT_CMD;
 }
 
 // Execute the PHPUnit command.

From cb08c8c9eeb553b295b4b1f669e4b4643f456a6a Mon Sep 17 00:00:00 2001
From: Jonathan Desrosiers <desrosj@users.noreply.github.com>
Date: Tue, 26 Aug 2025 02:51:04 -0400
Subject: [PATCH 3/3] Escape the entire command.

---
 test.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test.php b/test.php
index 2bff6dd..c1e4173 100644
--- a/test.php
+++ b/test.php
@@ -71,7 +71,7 @@
  */
 $WPT_PHPUNIT_CMD = trim( getenv( 'WPT_PHPUNIT_CMD' ) );
 if ( empty( $WPT_PHPUNIT_CMD ) ) {
-	$WPT_PHPUNIT_CMD = 'cd ' . escapeshellarg( $WPT_TEST_DIR ) . ' && ' . $WPT_PHP_EXECUTABLE . ' ./vendor/phpunit/phpunit/phpunit --dont-report-useless-tests' . $WPT_FLAVOR_TXT . $WPT_EXTRATESTS_TXT;
+	$WPT_PHPUNIT_CMD = escapeshellarg( 'cd ' . $WPT_TEST_DIR . ' && ' . $WPT_PHP_EXECUTABLE . ' ./vendor/phpunit/phpunit/phpunit --dont-report-useless-tests' . $WPT_FLAVOR_TXT . $WPT_EXTRATESTS_TXT );
 } else {
 	$WPT_PHPUNIT_CMD = escapeshellarg( $WPT_PHPUNIT_CMD );
 }