Commit 178b2f59 authored by Noam Postavsky's avatar Noam Postavsky
Browse files

Note combine-and-quote-strings doesn't shell quote

* doc/lispref/processes.texi (Shell Arguments):
* lisp/subr.el (combine-and-quote-strings): Add a note that
combine-and-quote-strings doesn't protect arguments against shell
evaluation (Bug #20333).
parent dec75675
...@@ -215,6 +215,11 @@ converting user input in the minibuffer, a Lisp string, into a list of ...@@ -215,6 +215,11 @@ converting user input in the minibuffer, a Lisp string, into a list of
string arguments to be passed to @code{call-process} or string arguments to be passed to @code{call-process} or
@code{start-process}, or for converting such lists of arguments into @code{start-process}, or for converting such lists of arguments into
a single Lisp string to be presented in the minibuffer or echo area. a single Lisp string to be presented in the minibuffer or echo area.
Note that if a shell is involved (e.g., if using
@code{call-process-shell-command}), arguments should still be
protected by @code{shell-quote-argument};
@code{combine-and-quote-strings} is @emph{not} intended to protect
special characters from shell evaluation.
@defun split-string-and-unquote string &optional separators @defun split-string-and-unquote string &optional separators
This function splits @var{string} into substrings at matches for the This function splits @var{string} into substrings at matches for the
......
...@@ -3706,7 +3706,10 @@ Modifies the match data; use `save-match-data' if necessary." ...@@ -3706,7 +3706,10 @@ Modifies the match data; use `save-match-data' if necessary."
"Concatenate the STRINGS, adding the SEPARATOR (default \" \"). "Concatenate the STRINGS, adding the SEPARATOR (default \" \").
This tries to quote the strings to avoid ambiguity such that This tries to quote the strings to avoid ambiguity such that
(split-string-and-unquote (combine-and-quote-strings strs)) == strs (split-string-and-unquote (combine-and-quote-strings strs)) == strs
Only some SEPARATORs will work properly." Only some SEPARATORs will work properly.
Note that this is not intended to protect STRINGS from
interpretation by shells, use `shell-quote-argument' for that."
(let* ((sep (or separator " ")) (let* ((sep (or separator " "))
(re (concat "[\\\"]" "\\|" (regexp-quote sep)))) (re (concat "[\\\"]" "\\|" (regexp-quote sep))))
(mapconcat (mapconcat
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment