bug-bash

printf %q doesn't quote blanks other than space and tab


From: Stephane Chazelas
Subject: printf %q doesn't quote blanks other than space and tab
Date: Fri, 3 Jun 2016 07:51:36 +0100
User-agent: Mutt/1.5.21 (2010-09-15)

bash treats all blank characters in the locale (except
multibyte ones, bug reported earlier) as token delimiters.

Yet printf %q only quotes space and tab, not the other ones.

For instance, on Solaris in locales using the iso8859-1
character set, 0xa0 (non-breaking space) is a single-byte blank
character.

That has security implications because you often (generally?)
use printf %q to generate safe code to pass to eval. For instance:

$ out() { echo "Got $# arguments:"; printf '<%s>\n' "$@"; }
$ (set -x; printf -v code 'out %q' $'a\xa0b'; eval "$code")
+ printf -v code 'out %q' a�b
+ eval 'out a�b'
++ out a b
++ echo 'Got 2 arguments:'
Got 2 arguments:
++ printf '<%s>\n' a b
<a>
<b>

That "out" function was passed 2 arguments instead of the
expected 1.

The impact is limited to systems that have locales with
single-byte blank characters (besides Solaris, I don't know of
any other one).

(code above was tested with the ancient 3.2.51 on Solaris 10.
Given that "printf '%q\n' $'\u2006'" doesn't quote either on a
UTF-8 locale where that character is blank on Debian with
bash4.4beta, I assume it's the same in newer bash versions).

-- 
Stephane
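
A locale-independent way to quote a value for eval, for the case described in the message above. This is an added example, not part of the original post: it wraps the value in single quotes instead of relying on printf %q, and it also covers embedded single quotes and a multibyte blank. `sq_quote` and `roundtrip_ok` are hypothetical helper names, and the sample values are constructed.

```shell
#!/bin/sh
# Added example (POSIX sh, also valid bash). Helper names are hypothetical.

# Wrap $1 in single quotes, rewriting each embedded ' as '\''.
# Inside single quotes no byte is special to the shell, so the result does
# not depend on which characters the current locale classifies as blank.
sq_quote() (
    s=$1 out=
    while :; do
        case $s in
            *\'*) out=$out${s%%\'*}"'\\''"; s=${s#*\'} ;;
            *)    break ;;
        esac
    done
    printf "'%s'" "$out$s"
)

# Succeed only if eval of the quoted form yields exactly one argument
# that is byte-for-byte identical to the original value.
roundtrip_ok() (
    orig=$1
    eval "set -- $(sq_quote "$orig")"
    [ "$#" -eq 1 ] && [ "$1" = "$orig" ]
)

# Constructed sample values: the 0xa0 byte from the message, U+2006 encoded
# as UTF-8, and a string containing a single quote and a space.
for v in "$(printf 'a\240b')" "$(printf 'a\342\200\206b')" "it's a b"; do
    if roundtrip_ok "$v"; then
        echo "1 argument, intact"
    else
        echo "split or altered"
    fi
done
```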


