Strengthen RegEx for tokenization of argument strings

Closes #3414601

src/EventSubscriber/ImagemagickEventSubscriber.php

@@ -156,8 +156,20 @@ class ImagemagickEventSubscriber implements EventSubscriberInterface {
   protected function prependArguments(ImagemagickExecArguments $arguments) {
     // Add prepended arguments if needed.
     if ($prepend = $this->imagemagickSettings->get('prepend')) {
-      preg_match_all('/[^\s]+/m', $prepend, $tokens);
-      $arguments->add($tokens[0], ArgumentMode::PreSource, 0);
+      // Split the prepend string in multiple space-separated tokens. Quotes,
+      // both " and ', can delimit tokens with spaces inside. Such tokens can
+      // contain escaped quotes too.
+      // @see https://stackoverflow.com/questions/366202/regex-for-splitting-a-string-using-space-when-not-surrounded-by-single-or-double
+      // @see https://stackoverflow.com/questions/6525556/regular-expression-to-match-escaped-characters-quotes
+      $re = '/[^\s"\']+|"([^"\\\\]*(?:\\\\.[^"\\\\]*)*)"|\'([^\'\\\\]*(?:\\\\.[^\'\\\\]*)*)\'/m';
+      preg_match_all($re, $prepend, $tokens, PREG_SET_ORDER);
+      $args = [];
+      foreach ($tokens as $token) {
+        // The escape character needs to be removed, Symfony Process will
+        // escape the quote character again.
+        $args[] = str_replace("\\", "", end($token));
+      }
+      $arguments->add($args, ArgumentMode::PreSource, 0);
     }
   }