automatic escaping of external program parameters

[devster31]

What is the problem

running external command relies on correctly escaping the parameters in the qBittorrent.conf file, for example like so:

[AutoRun]
enabled=true
program=/scripts/qbittorrent-postprocess -N '%N' -L '%L' -G '%G' -F '%F' -R '%R' -D '%D' -C '%C' -Z '%Z' -T '%T' -I '%I'

I believe this is very prone to errors and breakable upon edge cases.

What is the expected behavior

I would propose incorporating a function to automatically escape these arguments based on the correct shell. PHP has a such a function (escapeshellargs), written in C, which could serve as a basis. https://github.com/php/php-src/blob/73a59eff52e92b1c8ede73df3de3eb602f65f14f/ext/standard/exec.c#L392-L475 This would eliminate the need for manual escaping.

qBittorrent version and Operating System

Package: qbittorrent-nox
Version: 4.1.5.99~201903251247-6693-8f6c305~ubuntu18.04.1

deb package from official launchpad repository

Linux 7b15f1b8ed68 4.15.0-46-generic #49-Ubuntu SMP Wed Feb 6 09:33:07 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

running inside docker container.

[devster31]

Qt actually already seems to have some of these functions: https://code.qt.io/cgit/qt/qtbase.git/tree/qmake/library/qmakebuiltins.cpp#n1206 and reference the original bit https://code.qt.io/cgit/qt/qtbase.git/tree/qmake/library/ioutils.cpp#n136 onwards for quoting shell arguments, and simpler https://code.qt.io/cgit/qt/qtbase.git/tree/qmake/library/qmakebuiltins.cpp#n1183 for shell paths