emacs-diffs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Emacs-diffs] emacs-25 178b2f5: Note combine-and-quote-strings doesn't s

From: Noam Postavsky
Subject: [Emacs-diffs] emacs-25 178b2f5: Note combine-and-quote-strings doesn't shell quote
Date: Sun, 3 Jul 2016 19:07:42 +0000 (UTC) 
branch: emacs-25
commit 178b2f590982e37991bc72b08a9e02b64d750601
Author: Noam Postavsky <address@hidden>
Commit: Noam Postavsky <address@hidden>

    Note combine-and-quote-strings doesn't shell quote
    
    * doc/lispref/processes.texi (Shell Arguments):
    * lisp/subr.el (combine-and-quote-strings): Add a note that
    combine-and-quote-strings doesn't protect arguments against shell
    evaluation (Bug #20333).
---
 doc/lispref/processes.texi |    5 +++++
 lisp/subr.el               |    5 ++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/doc/lispref/processes.texi b/doc/lispref/processes.texi
index 5bd0b11..b4542f6 100644
--- a/doc/lispref/processes.texi
+++ b/doc/lispref/processes.texi
@@ -215,6 +215,11 @@ converting user input in the minibuffer, a Lisp string, 
into a list of
 string arguments to be passed to @code{call-process} or
 @code{start-process}, or for converting such lists of arguments into
 a single Lisp string to be presented in the minibuffer or echo area.
+Note that if a shell is involved (e.g., if using
address@hidden), arguments should still be
+protected by @code{shell-quote-argument};
address@hidden is @emph{not} intended to protect
+special characters from shell evaluation.
 
 @defun split-string-and-unquote string &optional separators
 This function splits @var{string} into substrings at matches for the
diff --git a/lisp/subr.el b/lisp/subr.el
index ed2166a..e9e19d3 100644
--- a/lisp/subr.el
+++ b/lisp/subr.el
@@ -3706,7 +3706,10 @@ Modifies the match data; use `save-match-data' if 
necessary."
   "Concatenate the STRINGS, adding the SEPARATOR (default \" \").
 This tries to quote the strings to avoid ambiguity such that
   (split-string-and-unquote (combine-and-quote-strings strs)) == strs
-Only some SEPARATORs will work properly."
+Only some SEPARATORs will work properly.
+
+Note that this is not intended to protect STRINGS from
+interpretation by shells, use `shell-quote-argument' for that."
   (let* ((sep (or separator " "))
          (re (concat "[\\\"]" "\\|" (regexp-quote sep))))
     (mapconcat
reply via email to
[Prev in Thread] Current Thread [Next in Thread]