Skip to content
Permalink
Browse files
Escape arguments when required when generating qgis_process commands
  • Loading branch information
nyalldawson committed Dec 21, 2021
1 parent d7a1256 commit a35772074aba48b87d797cbe472b05bb5b37e877
Showing with 34 additions and 2 deletions.
  1. +21 −2 src/core/processing/qgsprocessingalgorithm.cpp
  2. +13 −0 tests/src/analysis/testqgsprocessing.cpp
@@ -30,7 +30,8 @@
#include "qgsmeshlayer.h"
#include "qgspointcloudlayer.h"
#include "qgsexpressioncontextutils.h"

#include <QRegularExpression>
#include <QRegularExpressionMatch>

QgsProcessingAlgorithm::~QgsProcessingAlgorithm()
{
@@ -321,6 +322,22 @@ QString QgsProcessingAlgorithm::asQgisProcessCommand( const QVariantMap &paramet

parts.append( context.asQgisProcessArguments( argumentFlags ) );

auto escapeIfNeeded = []( const QString & input ) -> QString
{
// play it safe and escape everything UNLESS it's purely alphanumeric characters (and a very select scattering of other common characters!)
const thread_local QRegularExpression nonAlphaNumericRx( QStringLiteral( "[^a-zA-Z0-9.\\-/_]" ) );
if ( nonAlphaNumericRx.match( input ).hasMatch() )
{
QString escaped = input;
escaped.replace( '\'', QStringLiteral( "'\\''" ) );
return QStringLiteral( "'%1'" ).arg( escaped );
}
else
{
return input;
}
};

for ( const QgsProcessingParameterDefinition *def : mParameters )
{
if ( def->flags() & QgsProcessingParameterDefinition::FlagHidden )
@@ -334,7 +351,9 @@ QString QgsProcessingAlgorithm::asQgisProcessCommand( const QVariantMap &paramet
return QString();

for ( const QString &partValue : partValues )
parts << QStringLiteral( "--%1=%2" ).arg( def->name(), partValue );
{
parts << QStringLiteral( "--%1=%2" ).arg( def->name(), escapeIfNeeded( partValue ) );
}
}

return parts.join( ' ' );
@@ -387,6 +387,19 @@ class DummyAlgorithm : public QgsProcessingAlgorithm
params.insert( "p2", QVariant::fromValue( QRectF( 0, 1, 2, 3 ) ) );
QCOMPARE( asQgisProcessCommand( params, context, ok ), QString() );
QVERIFY( !ok );

// strings which require escaping
params.insert( "p2", QStringLiteral( "this is a test" ) );
QCOMPARE( asQgisProcessCommand( params, context, ok ), QStringLiteral( "qgis_process run test --distance_units=meters --p1=a --p2='this is a test'" ) );
QVERIFY( ok );

params.insert( "p2", QStringLiteral( "thisisa|test" ) );
QCOMPARE( asQgisProcessCommand( params, context, ok ), QStringLiteral( "qgis_process run test --distance_units=meters --p1=a --p2='thisisa|test'" ) );
QVERIFY( ok );

params.insert( "p2", QStringLiteral( "thisisa'test" ) );
QCOMPARE( asQgisProcessCommand( params, context, ok ), QStringLiteral( "qgis_process run test --distance_units=meters --p1=a --p2='thisisa'\\''test'" ) );
QVERIFY( ok );
}

void runAsAsJsonMapChecks()

0 comments on commit a357720

Please sign in to comment.