From: Noam Postavsky Date: Sun, 3 Jul 2016 13:56:36 +0000 (-0400) Subject: Note combine-and-quote-strings doesn't shell quote X-Git-Tag: emacs-25.1-rc1~44 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=178b2f5;p=emacs.git Note combine-and-quote-strings doesn't shell quote * doc/lispref/processes.texi (Shell Arguments): * lisp/subr.el (combine-and-quote-strings): Add a note that combine-and-quote-strings doesn't protect arguments against shell evaluation (Bug #20333). --- diff --git a/doc/lispref/processes.texi b/doc/lispref/processes.texi index 5bd0b11cda0..b4542f65cc1 100644 --- a/doc/lispref/processes.texi +++ b/doc/lispref/processes.texi @@ -215,6 +215,11 @@ converting user input in the minibuffer, a Lisp string, into a list of string arguments to be passed to @code{call-process} or @code{start-process}, or for converting such lists of arguments into a single Lisp string to be presented in the minibuffer or echo area. +Note that if a shell is involved (e.g., if using +@code{call-process-shell-command}), arguments should still be +protected by @code{shell-quote-argument}; +@code{combine-and-quote-strings} is @emph{not} intended to protect +special characters from shell evaluation. @defun split-string-and-unquote string &optional separators This function splits @var{string} into substrings at matches for the diff --git a/lisp/subr.el b/lisp/subr.el index ed2166a0ee2..e9e19d35f65 100644 --- a/lisp/subr.el +++ b/lisp/subr.el @@ -3706,7 +3706,10 @@ Modifies the match data; use `save-match-data' if necessary." "Concatenate the STRINGS, adding the SEPARATOR (default \" \"). This tries to quote the strings to avoid ambiguity such that (split-string-and-unquote (combine-and-quote-strings strs)) == strs -Only some SEPARATORs will work properly." +Only some SEPARATORs will work properly. + +Note that this is not intended to protect STRINGS from +interpretation by shells, use `shell-quote-argument' for that." (let* ((sep (or separator " ")) (re (concat "[\\\"]" "\\|" (regexp-quote sep)))) (mapconcat