Bad escaping of environment default value

[kdeldycke]

Describe the bug

A plugin whose default environment value has equal (=) sign is messing with UI rendering and shell parameter escaping.

To Reproduce

Create a plugin whose default environment variables are defined as this:

# <swiftbar.environment>[VAR_SUBMENU_LAYOUT: false, VAR_TABLE_RENDERING: true, VAR_DEFAULT_FONT: , VAR_MONOSPACE_FONT: font=Menlo size=12]</swiftbar.environment>

Expected behavior

The set of variables above are rendered in the about pop-up menu as:

You can notice right away that the VAR_DEFAULT_FONT variable doesn't have any issue being empty.

But the VAR_MONOSPACE_FONT is tricky, and is rendered as font: Menlo size=12, while I expect it to be parsed as font=Menlo size=12.

This parsing issue also propagates to the shell command line. If a menu item is setup as this:

gh | shell=/opt/homebrew/bin/brew param1=upgrade param2=gh param3=--formula font=Menlo size=12 refresh=true terminal=true alternate=true

Then clicking on it will launch a terminal which will try to execute the following command:

$ export SWIFTBAR_VERSION='2.0.1' … VAR_SUBMENU_LAYOUT='false' VAR_TABLE_RENDERING='true' VAR_DEFAULT_FONT='' VAR_MONOSPACE_FONT: font='Menlo size=12';/opt/homebrew/bin/brew upgrade gh --formula

Which will fails right away because of the VAR_MONOSPACE_FONT: font='Menlo size=12' environment variable that is badly formatted:

export: not valid in this context: VAR_MONOSPACE_FONT:

Environment:

• macOS version: 15.5
• SwiftBar version: 2.0.1

Plugin Example: This issue has been uncovered in the Meta Package Manager plugin:

• Source code: https://github.com/kdeldycke/meta-package-manager/blob/main/meta_package_manager/bar_plugin.py
• Documentation: https://kdeldycke.github.io/meta-package-manager/bar-plugin.html

Additional Context:

• [x] I don't run Bartender/Dozer/etc. or tested the issue without it running

[kdeldycke]

I tried different kinds of quoting but none allows me to bypass the bug:

• VAR_MONOSPACE_FONT: "font=Menlo size=12":

  

• VAR_MONOSPACE_FONT: 'font=Menlo size=12':

  

[melonamin]

Hey @kdeldycke, try this build please

SwiftBar 2.1.2.zip

[kdeldycke]

I can confirm that the 2.1.2 build you provided above fix the issue for the simplest case:

• Unquoted value VAR_MONOSPACE_FONT: font=Menlo size=12:

  

  $ export SWIFTBAR_VERSION='2.1.2' SWIFTBAR_BUILD='538' … VAR_MONOSPACE_FONT='font=Menlo size=12';/opt/homebrew/bin/brew upgrade gh --formula
  

But it still fails to escape the quoted strings and renders them as-is:

• Single-quoted value VAR_MONOSPACE_FONT: 'font=Menlo size=12':

  

  This variation is able to be launched in a terminal, but the variable value is concatenated as-is and results in the following CLI:

  $ export … VAR_MONOSPACE_FONT=''font=Menlo size=12'';/opt/homebrew/bin/brew upgrade gh --formula
  

  This is executed by chance, because the shell is parsing the environment variables as 4 items:

  • VAR_MONOSPACE_FONT=''
  • font=Menlo
  • size=12
  • ''

• Double-quoted value VAR_MONOSPACE_FONT: "font=Menlo size=12":

  

  This variation is not able to be launched into a terminal for some reasons, even if I can tell that the command is being executed being the scene. Which is strange as I expect it to be run as above with:

  $ export … VAR_MONOSPACE_FONT='"font=Menlo size=12"';/opt/homebrew/bin/brew upgrade gh --formula
  

[kdeldycke]

I managed to harden in my plugin my own implementation of multi-parameters parsing: https://github.com/kdeldycke/meta-package-manager/blob/da9fa1d7284aac4a02ef6bf7c656bb1504847212/meta_package_manager/bar_plugin.py#L97-L139

And here is a set of edge-cases: https://github.com/kdeldycke/meta-package-manager/blob/da9fa1d7284aac4a02ef6bf7c656bb1504847212/tests/test_bar_plugin.py#L36-L58

Maybe this can serve as inspiration.