Commit 178b2f59 authored by Noam Postavsky's avatar Noam Postavsky
Browse files

Note combine-and-quote-strings doesn't shell quote

* doc/lispref/processes.texi (Shell Arguments):
* lisp/subr.el (combine-and-quote-strings): Add a note that
combine-and-quote-strings doesn't protect arguments against shell
evaluation (Bug #20333).
parent dec75675
......@@ -215,6 +215,11 @@ converting user input in the minibuffer, a Lisp string, into a list of
string arguments to be passed to @code{call-process} or
@code{start-process}, or for converting such lists of arguments into
a single Lisp string to be presented in the minibuffer or echo area.
Note that if a shell is involved (e.g., if using
@code{call-process-shell-command}), arguments should still be
protected by @code{shell-quote-argument};
@code{combine-and-quote-strings} is @emph{not} intended to protect
special characters from shell evaluation.
@defun split-string-and-unquote string &optional separators
This function splits @var{string} into substrings at matches for the
......@@ -3706,7 +3706,10 @@ Modifies the match data; use `save-match-data' if necessary."
"Concatenate the STRINGS, adding the SEPARATOR (default \" \").
This tries to quote the strings to avoid ambiguity such that
(split-string-and-unquote (combine-and-quote-strings strs)) == strs
Only some SEPARATORs will work properly."
Only some SEPARATORs will work properly.
Note that this is not intended to protect STRINGS from
interpretation by shells, use `shell-quote-argument' for that."
(let* ((sep (or separator " "))
(re (concat "[\\\"]" "\\|" (regexp-quote sep))))
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment