* bug#20333: 24.3; Add warning about shell quoting to documentation of combine-and-quote-strings
From: Philipp Stephani @ 2015-04-14 19:03 UTC
To: 20333
Context and more discussion:
http://lists.gnu.org/archive/html/help-gnu-emacs/2015-04/msg00179.html
It would be great if the documentation string and the Elisp manual about
`combine-and-quote-strings' could be made a bit clearer by explicitly
stating that this function is not useful for shell quoting.
In GNU Emacs 24.3.1 (x86_64-pc-linux-gnu, GTK+ Version 3.10.7)
of 2014-03-07 on lamiak, modified by Debian
Windowing system distributor `The X.Org Foundation', version 11.0.11501000
System Description: Ubuntu 14.04 LTS
Configured using:
`configure '--build' 'x86_64-linux-gnu' '--build' 'x86_64-linux-gnu'
'--prefix=/usr' '--sharedstatedir=/var/lib' '--libexecdir=/usr/lib'
'--localstatedir=/var/lib' '--infodir=/usr/share/info'
'--mandir=/usr/share/man' '--with-pop=yes'
'--enable-locallisppath=/etc/emacs24:/etc/emacs:/usr/local/share/emacs/24.3/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.3/site-lisp:/usr/share/emacs/site-lisp'
'--with-crt-dir=/usr/lib/x86_64-linux-gnu' '--with-x=yes'
'--with-x-toolkit=gtk3' '--with-toolkit-scroll-bars'
'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall'
'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro'
'CPPFLAGS=-D_FORTIFY_SOURCE=2''
Important settings:
value of $LANG: en_US.UTF-8
locale-coding-system: utf-8-unix
default enable-multibyte-characters: t
Major mode: Help
Minor modes in effect:
tooltip-mode: t
mouse-wheel-mode: t
tool-bar-mode: t
menu-bar-mode: t
file-name-shadow-mode: t
global-font-lock-mode: t
font-lock-mode: t
blink-cursor-mode: t
auto-composition-mode: t
auto-encryption-mode: t
auto-compression-mode: t
buffer-read-only: t
line-number-mode: t
transient-mark-mode: t
Recent input:
Recent messages:
For information about GNU Emacs and the GNU system, type C-h C-a.
Type C-x 1 to delete the help window.
Composing main Info directory...done
Mark saved where search started [2 times]
byte-code: End of buffer
Load-path shadows:
None found.
Features:
* bug#20333: 24.3; Add warning about shell quoting to documentation of combine-and-quote-strings
From: npostavs @ 2016-07-03 14:03 UTC
To: Philipp Stephani; +Cc: 20333
tags 20333 patch
quit
Philipp Stephani <p.stephani2@gmail.com> writes:
> Context and more discussion:
> http://lists.gnu.org/archive/html/help-gnu-emacs/2015-04/msg00179.html
>
> It would be great if the documentation string and the Elisp manual about
> `combine-and-quote-strings' could be made a bit clearer by explicitly
> stating that this function is not useful for shell quoting.
How about this:
From 5a1d23231bcf3c279fd3b09654fb132513748e6c Mon Sep 17 00:00:00 2001
From: Noam Postavsky <npostavs@gmail.com>
Date: Sun, 3 Jul 2016 09:56:36 -0400
Subject: [PATCH v1] Note combine-and-quote-strings doesn't shell quote
* doc/lispref/processes.texi (Shell Arguments):
* lisp/subr.el (combine-and-quote-strings): Add a note that
combine-and-quote-strings doesn't protect arguments against shell
evaluation (Bug #20333).
---
doc/lispref/processes.texi | 5 +++++
lisp/subr.el | 5 ++++-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/doc/lispref/processes.texi b/doc/lispref/processes.texi
index 5bd0b11..b4542f6 100644
--- a/doc/lispref/processes.texi
+++ b/doc/lispref/processes.texi
@@ -215,6 +215,11 @@ Shell Arguments
string arguments to be passed to @code{call-process} or
@code{start-process}, or for converting such lists of arguments into
a single Lisp string to be presented in the minibuffer or echo area.
+Note that if a shell is involved (e.g., if using
+@code{call-process-shell-command}), arguments should still be
+protected by @code{shell-quote-argument};
+@code{combine-and-quote-strings} is @emph{not} intended to protect
+special characters from shell evaluation.
@defun split-string-and-unquote string &optional separators
This function splits @var{string} into substrings at matches for the
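Review bot: In the added paragraph, "arguments should still be protected by @code{shell-quote-argument}" can be read as an instruction to run shell-quote-argument over the string that combine-and-quote-strings returned, which does not give per-argument shell quoting. Suggest saying that each argument should be passed through shell-quote-argument instead, and that the result of combine-and-quote-strings is not meant to be handed to a shell. Naming one character that is left unprotected would also make the warning concrete for readers of the manual.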
diff --git a/lisp/subr.el b/lisp/subr.el
index ed2166a..e9e19d3 100644
--- a/lisp/subr.el
+++ b/lisp/subr.el
@@ -3706,7 +3706,10 @@ combine-and-quote-strings
"Concatenate the STRINGS, adding the SEPARATOR (default \" \").
This tries to quote the strings to avoid ambiguity such that
(split-string-and-unquote (combine-and-quote-strings strs)) == strs
-Only some SEPARATORs will work properly."
+Only some SEPARATORs will work properly.
+
+Note that this is not intended to protect STRINGS from
+interpretation by shells, use `shell-quote-argument' for that."
(let* ((sep (or separator " "))
(re (concat "[\\\"]" "\\|" (regexp-quote sep))))
(mapconcat
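Review bot: The new docstring sentence "interpretation by shells, use `shell-quote-argument' for that" is a comma splice; make it two sentences or use a semicolon. The docstring could also say why the function is unsuitable: the regexp bound to re just below matches only backslash, double quote and the separator, so every other character a shell treats specially is left unquoted.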
--
2.8.0
* bug#20333: 24.3; Add warning about shell quoting to documentation of combine-and-quote-strings
From: Philipp Stephani @ 2016-07-03 15:27 UTC
To: npostavs; +Cc: 20333
<npostavs@users.sourceforge.net> wrote on Sun, 3 July 2016 at 16:03:
> tags 20333 patch
> quit
>
> Philipp Stephani <p.stephani2@gmail.com> writes:
>
> > Context and more discussion:
> > http://lists.gnu.org/archive/html/help-gnu-emacs/2015-04/msg00179.html
> >
> > It would be great if the documentation string and the Elisp manual about
> > `combine-and-quote-strings' could be made a bit clearer by explicitly
> > stating that this function is not useful for shell quoting.
>
> How about this:
>
>
Looks good, thanks.
* bug#20333: 24.3; Add warning about shell quoting to documentation of combine-and-quote-strings
From: Eli Zaretskii @ 2016-07-03 15:34 UTC
To: npostavs; +Cc: p.stephani2, 20333
> From: npostavs@users.sourceforge.net
> Date: Sun, 03 Jul 2016 10:03:55 -0400
> Cc: 20333@debbugs.gnu.org
>
> >From 5a1d23231bcf3c279fd3b09654fb132513748e6c Mon Sep 17 00:00:00 2001
> From: Noam Postavsky <npostavs@gmail.com>
> Date: Sun, 3 Jul 2016 09:56:36 -0400
> Subject: [PATCH v1] Note combine-and-quote-strings doesn't shell quote
>
> * doc/lispref/processes.texi (Shell Arguments):
> * lisp/subr.el (combine-and-quote-strings): Add a note that
> combine-and-quote-strings doesn't protect arguments against shell
> evaluation (Bug #20333).
> ---
> doc/lispref/processes.texi | 5 +++++
> lisp/subr.el | 5 ++++-
> 2 files changed, 9 insertions(+), 1 deletion(-)
>
> diff --git a/doc/lispref/processes.texi b/doc/lispref/processes.texi
> index 5bd0b11..b4542f6 100644
> --- a/doc/lispref/processes.texi
> +++ b/doc/lispref/processes.texi
> @@ -215,6 +215,11 @@ Shell Arguments
> string arguments to be passed to @code{call-process} or
> @code{start-process}, or for converting such lists of arguments into
> a single Lisp string to be presented in the minibuffer or echo area.
> +Note that if a shell is involved (e.g., if using
> +@code{call-process-shell-command}), arguments should still be
> +protected by @code{shell-quote-argument};
> +@code{combine-and-quote-strings} is @emph{not} intended to protect
> +special characters from shell evaluation.
>
> @defun split-string-and-unquote string &optional separators
> This function splits @var{string} into substrings at matches for the
> diff --git a/lisp/subr.el b/lisp/subr.el
> index ed2166a..e9e19d3 100644
> --- a/lisp/subr.el
> +++ b/lisp/subr.el
> @@ -3706,7 +3706,10 @@ combine-and-quote-strings
> "Concatenate the STRINGS, adding the SEPARATOR (default \" \").
> This tries to quote the strings to avoid ambiguity such that
> (split-string-and-unquote (combine-and-quote-strings strs)) == strs
> -Only some SEPARATORs will work properly."
> +Only some SEPARATORs will work properly.
> +
> +Note that this is not intended to protect STRINGS from
> +interpretation by shells, use `shell-quote-argument' for that."
> (let* ((sep (or separator " "))
> (re (concat "[\\\"]" "\\|" (regexp-quote sep))))
> (mapconcat
> --
> 2.8.0
LGTM, thanks. This is good for emacs-25.
* bug#20333: 24.3; Add warning about shell quoting to documentation of combine-and-quote-strings
From: npostavs @ 2016-07-03 19:08 UTC
To: Eli Zaretskii; +Cc: p.stephani2, 20333
tags 20333 fixed
close 20333 25.1
quit
Eli Zaretskii <eliz@gnu.org> writes:
>
> LGTM, thanks. This is good for emacs-25.
Pushed as 178b2f59
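
The distinction this thread documents, as an added example that is not part of any message above or of the Emacs sources: the same argument list is handed to `printf` three ways, and each result is compared with what was sent. The `demo-` names and the sample arguments are constructed for illustration; a POSIX shell, `printf` on PATH and a set HOME are assumed.

```elisp
;; Added example; every `demo-' name is hypothetical, not part of Emacs.
;; Assumes a POSIX shell, `printf' on PATH, and HOME set.

(defvar demo-args '("notes.txt" "two words" "$HOME" "#tag")
  "Constructed sample arguments; the last two are special to a shell.")

(defun demo-shell-join (args)
  "Join ARGS into one command-line fragment, quoting each for the shell."
  (mapconcat #'shell-quote-argument args " "))

(defun demo-received-direct (args)
  "Return the arguments `printf' receives from `call-process' (no shell)."
  (with-temp-buffer
    ;; The argument list goes to the program as is; nothing parses it.
    (apply #'call-process "printf" nil t nil "%s\\n" args)
    (split-string (buffer-string) "\n" t)))

(defun demo-received-via-shell (join-fn args)
  "Return the arguments `printf' receives through a shell.
ARGS are turned into text by JOIN-FN and embedded in a command line
that the shell parses before `printf' runs."
  (split-string
   (shell-command-to-string
    (concat "printf '%s\\n' " (funcall join-fn args)))
   "\n" t))

(defun demo-report ()
  "Return an alist saying, per method, whether `demo-args' arrived intact."
  (list
   (cons 'call-process-list
         (equal demo-args (demo-received-direct demo-args)))
   (cons 'shell-quote-argument
         (equal demo-args
                (demo-received-via-shell #'demo-shell-join demo-args)))
   (cons 'combine-and-quote-strings
         (equal demo-args
                (demo-received-via-shell #'combine-and-quote-strings
                                         demo-args)))))
```

Evaluating `(demo-report)` shows which methods deliver the list unchanged; with `combine-and-quote-strings` the shell expands `$HOME` and treats `#tag` as the start of a comment, so the arguments do not survive.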