Avoid escaping too early to prevent issues

src/Composer/Downloader/GitDownloader.php

@@ -25,12 +25,12 @@ class GitDownloader extends VcsDownloader
      */
     public function doDownload(PackageInterface $package, $path)
     {
-        $ref = escapeshellarg($package->getSourceReference());
+        $ref = $package->getSourceReference();
         $command = 'git clone %s %s && cd %2$s && git checkout %3$s && git reset --hard %3$s';
         $this->io->write("    Cloning ".$package->getSourceReference());
 
         $commandCallable = function($url) use ($ref, $path, $command) {
-            return sprintf($command, $url, escapeshellarg($path), $ref);
+            return sprintf($command, escapeshellarg($url), escapeshellarg($path), escapeshellarg($ref));
         };
 
         $this->runCommand($commandCallable, $package->getSourceUrl(), $path);
@@ -42,13 +42,12 @@ class GitDownloader extends VcsDownloader
      */
     public function doUpdate(PackageInterface $initial, PackageInterface $target, $path)
     {
-        $ref = escapeshellarg($target->getSourceReference());
-        $path = escapeshellarg($path);
+        $ref = $target->getSourceReference();
         $this->io->write("    Checking out ".$target->getSourceReference());
         $command = 'cd %s && git remote set-url origin %s && git fetch origin && git fetch --tags origin && git checkout %3$s && git reset --hard %3$s';
 
         $commandCallable = function($url) use ($ref, $path, $command) {
-            return sprintf($command, $path, $url, $ref);
+            return sprintf($command, escapeshellarg($path), escapeshellarg($url), escapeshellarg($ref));
         };
 
         $this->runCommand($commandCallable, $target->getSourceUrl());
@@ -86,7 +85,7 @@ class GitDownloader extends VcsDownloader
         if (preg_match('{^(?:https?|git)(://github.com/.*)}', $url, $match)) {
             $protocols = array('git', 'https', 'http');
             foreach ($protocols as $protocol) {
-                $url = escapeshellarg($protocol . $match[1]);
+                $url = $protocol . $match[1];
                 if (0 === $this->process->execute(call_user_func($commandCallable, $url), $handler)) {
                     return;
                 }
@@ -97,7 +96,6 @@ class GitDownloader extends VcsDownloader
             throw new \RuntimeException('Failed to checkout ' . $url .' via git, https and http protocols, aborting.' . "\n\n" . $this->process->getErrorOutput());
         }
 
-        $url = escapeshellarg($url);
         $command = call_user_func($commandCallable, $url);
         if (0 !== $this->process->execute($command, $handler)) {
             throw new \RuntimeException('Failed to execute ' . $command . "\n\n" . $this->process->getErrorOutput());

tests/Composer/Test/Downloader/GitDownloaderTest.php

@@ -92,7 +92,7 @@ class GitDownloaderTest extends \PHPUnit_Framework_TestCase
         $expectedGitCommand = $this->getCmd("git remote set-url --push origin 'git@github.com:composer/composer.git'");
         $processExecutor->expects($this->at(3))
             ->method('execute')
-            ->with($this->equalTo($expectedGitCommand))
+            ->with($this->equalTo($expectedGitCommand), $this->equalTo(null), $this->equalTo('composerPath'))
             ->will($this->returnValue(0));
 
         $downloader = $this->getDownloaderMock(null, $processExecutor);