Looks like the -R0 came in in 2006 via c0d6110 (in the SVN days!).

It's possible switching away from -R0 breaks something, but we should fix it some other way should that be the case.

In principle, I approve these changes, but I don't know if the test failure is one of the spurious failures or actually related to these changes.

Someone must have re-run them, I'm only seeing a codecov failures but it is short an upload so I am not worried.

@meeseeksdev please backport to v3.10.x

Owee, I'm MrMeeseeks, Look at me.

There seem to be a conflict, please backport manually. Here are approximate instructions:

1. Checkout backport branch and update it.

git checkout v3.10.x
git pull

2. Cherry pick the first parent branch of the this PR on top of the older branch:

git cherry-pick -x -m1 8ff895d0750f3b16c3214b38a91ad78029c82df7

3. You will likely have some merge/cherry-pick conflict here, fix them and commit:

git commit -am 'Backport PR #31282: SEC: Block shell escapes in latex and ps commands'

4. Push to a named branch:

git push YOURFORK v3.10.x:auto-backport-of-pr-31282-on-v3.10.x

5. Create a PR against branch v3.10.x, I would have named this PR:

"Backport PR #31282 on branch v3.10.x (SEC: Block shell escapes in latex and ps commands)"

And apply the correct labels and milestones.

Congratulations — you did some good work! Hopefully your backport PR will be tested by the continuous integration and merged soon!

Remember to remove the Still Needs Manual Backport label once the PR gets merged.

If these instructions are inaccurate, feel free to suggest an improvement.