Validate rsync_rsh options to prevent NUL bytes and improve argument handling

Author: antonmedv

contrib/rsync.php

@@ -115,6 +115,7 @@
 
 use Deployer\Host\Localhost;
 use Deployer\Task\Context;
+
 use function Deployer\Support\rsync_rsh;
 
 set('rsync', [

src/Command/SshCommand.php

@@ -21,6 +21,7 @@
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Output\OutputInterface;
 use Symfony\Component\Console\Question\ChoiceQuestion;
+
 use function Deployer\quote;
 
 /**

src/Support/helpers.php

@@ -254,13 +254,16 @@ function deployer_root(): string
  */
 function rsync_rsh(array $args): string
 {
-    $rsh = 'ssh ';
+    $parts = ['ssh'];
     foreach ($args as $option) {
+        if (str_contains($option, "\0")) {
+            throw new \InvalidArgumentException('rsync_rsh: NUL byte not allowed in ssh option');
+        }
         if (preg_match('/^[a-zA-Z0-9_\-=]+$/', $option)) {
-            $rsh .= ' ' . $option;
+            $parts[] = $option;
         } else {
-            $rsh .= '"' . addslashes($option) . '" ';
+            $parts[] = "'" . str_replace("'", "''", $option) . "'";
         }
     }
-    return $rsh;
+    return implode(' ', $parts);
 }