unofficial mirror of bug-gnu-emacs@gnu.org 
 help / color / mirror / code / Atom feed
* bug#20333: 24.3; Add warning about shell quoting to documentation of combine-and-quote-strings
@ 2015-04-14 19:03 Philipp Stephani
  2016-07-03 14:03 ` npostavs
  0 siblings, 1 reply; 5+ messages in thread
From: Philipp Stephani @ 2015-04-14 19:03 UTC (permalink / raw)
  To: 20333

Context and more discussion:
http://lists.gnu.org/archive/html/help-gnu-emacs/2015-04/msg00179.html

It would be great if the documentation string and the Elisp manual about
`combine-and-quote-strings' could be made a bit clearer by explicitly
stating that this function is not useful for shell quoting.


In GNU Emacs 24.3.1 (x86_64-pc-linux-gnu, GTK+ Version 3.10.7)
 of 2014-03-07 on lamiak, modified by Debian
Windowing system distributor `The X.Org Foundation', version 11.0.11501000
System Description:	Ubuntu 14.04 LTS

Configured using:
 `configure '--build' 'x86_64-linux-gnu' '--build' 'x86_64-linux-gnu'
 '--prefix=/usr' '--sharedstatedir=/var/lib' '--libexecdir=/usr/lib'
 '--localstatedir=/var/lib' '--infodir=/usr/share/info'
 '--mandir=/usr/share/man' '--with-pop=yes'
 '--enable-locallisppath=/etc/emacs24:/etc/emacs:/usr/local/share/emacs/24.3/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.3/site-lisp:/usr/share/emacs/site-lisp'
 '--with-crt-dir=/usr/lib/x86_64-linux-gnu' '--with-x=yes'
 '--with-x-toolkit=gtk3' '--with-toolkit-scroll-bars'
 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fstack-protector
 --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall'
 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro'
 'CPPFLAGS=-D_FORTIFY_SOURCE=2''

Important settings:
  value of $LANG: en_US.UTF-8
  locale-coding-system: utf-8-unix
  default enable-multibyte-characters: t

Major mode: Help

Minor modes in effect:
  tooltip-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  buffer-read-only: t
  line-number-mode: t
  transient-mark-mode: t

Recent input:
<help-echo> <help-echo> C-h f c o m b i n <tab> n <tab> 
<return> <help-echo> C-h i C-s e l i <return> <return> 
C-s p r o c <return> <return> <down-mouse-5> <mouse-5> 
<double-down-mouse-5> <double-mouse-5> <triple-down-mouse-5> 
<triple-mouse-5> <triple-down-mouse-5> <triple-mouse-5> 
<triple-down-mouse-5> <triple-mouse-5> <down-mouse-4> 
<mouse-4> <double-down-mouse-4> <double-mouse-4> <down-mouse-4> 
<mouse-4> <double-down-mouse-4> <double-mouse-4> <down-mouse-5> 
<mouse-5> <help-echo> <down-mouse-1> <mouse-2> <down-mouse-5> 
<mouse-5> <double-down-mouse-5> <double-mouse-5> <down-mouse-4> 
<mouse-4> <double-down-mouse-4> <double-mouse-4> <down-mouse-5> 
<mouse-5> <double-down-mouse-5> <double-mouse-5> <triple-down-mouse-5> 
<triple-mouse-5> <down-mouse-5> <mouse-5> <help-echo> 
<help-echo> <down-mouse-5> <mouse-5> <down-mouse-5> 
<mouse-5> <down-mouse-4> <mouse-4> <down-mouse-5> <mouse-5> 
<double-down-mouse-5> <double-mouse-5> <down-mouse-5> 
<mouse-5> <double-down-mouse-5> <double-mouse-5> <down-mouse-4> 
<mouse-4> <double-down-mouse-4> <double-mouse-4> <triple-down-mouse-4> 
<triple-mouse-4> <help-echo> <down-mouse-1> <mouse-1> 
M-x r e p o r t <tab> <return>

Recent messages:
For information about GNU Emacs and the GNU system, type C-h C-a.
Type C-x 1 to delete the help window.
Composing main Info directory...done
Mark saved where search started [2 times]
byte-code: End of buffer

Load-path shadows:
None found.

Features:
(shadow sort gnus-util mail-extr emacsbug message format-spec rfc822 mml
mml-sec mm-decode mm-bodies mm-encode mail-parse rfc2231 mailabbrev
gmm-utils mailheader sendmail rfc2047 rfc2045 ietf-drums mm-util
mail-prsvr mail-utils jka-compr misearch multi-isearch info help-mode
easymenu help-fns time-date tooltip ediff-hook vc-hooks lisp-float-type
mwheel x-win x-dnd tool-bar dnd fontset image regexp-opt fringe
tabulated-list newcomment lisp-mode register page menu-bar rfn-eshadow
timer select scroll-bar mouse jit-lock font-lock syntax facemenu
font-core frame cham georgian utf-8-lang misc-lang vietnamese tibetan
thai tai-viet lao korean japanese hebrew greek romanian slovak czech
european ethiopic indian cyrillic chinese case-table epa-hook
jka-cmpr-hook help simple abbrev minibuffer loaddefs button faces
cus-face macroexp files text-properties overlay sha1 md5 base64 format
env code-pages mule custom widget hashtable-print-readable backquote
make-network-process dbusbind dynamic-setting system-font-setting
font-render-setting move-toolbar gtk x-toolkit x multi-tty emacs)





^ permalink raw reply	[flat|nested] 5+ messages in thread

* bug#20333: 24.3; Add warning about shell quoting to documentation of combine-and-quote-strings
  2015-04-14 19:03 bug#20333: 24.3; Add warning about shell quoting to documentation of combine-and-quote-strings Philipp Stephani
@ 2016-07-03 14:03 ` npostavs
  2016-07-03 15:27   ` Philipp Stephani
  2016-07-03 15:34   ` Eli Zaretskii
  0 siblings, 2 replies; 5+ messages in thread
From: npostavs @ 2016-07-03 14:03 UTC (permalink / raw)
  To: Philipp Stephani; +Cc: 20333

[-- Attachment #1: Type: text/plain, Size: 406 bytes --]

tags 20333 patch
quit

Philipp Stephani <p.stephani2@gmail.com> writes:

> Context and more discussion:
> http://lists.gnu.org/archive/html/help-gnu-emacs/2015-04/msg00179.html
>
> It would be great if the documentation string and the Elisp manual about
> `combine-and-quote-strings' could be made a bit clearer by explicitly
> stating that this function is not useful for shell quoting.

How about this:


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: patch --]
[-- Type: text/x-diff, Size: 2037 bytes --]

From 5a1d23231bcf3c279fd3b09654fb132513748e6c Mon Sep 17 00:00:00 2001
From: Noam Postavsky <npostavs@gmail.com>
Date: Sun, 3 Jul 2016 09:56:36 -0400
Subject: [PATCH v1] Note combine-and-quote-strings doesn't shell quote

* doc/lispref/processes.texi (Shell Arguments):
* lisp/subr.el (combine-and-quote-strings): Add a note that
combine-and-quote-strings doesn't protect arguments against shell
evaluation (Bug #20333).
---
 doc/lispref/processes.texi | 5 +++++
 lisp/subr.el               | 5 ++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/doc/lispref/processes.texi b/doc/lispref/processes.texi
index 5bd0b11..b4542f6 100644
--- a/doc/lispref/processes.texi
+++ b/doc/lispref/processes.texi
@@ -215,6 +215,11 @@ Shell Arguments
 string arguments to be passed to @code{call-process} or
 @code{start-process}, or for converting such lists of arguments into
 a single Lisp string to be presented in the minibuffer or echo area.
+Note that if a shell is involved (e.g., if using
+@code{call-process-shell-command}), arguments should still be
+protected by @code{shell-quote-argument};
+@code{combine-and-quote-strings} is @emph{not} intended to protect
+special characters from shell evaluation.
 
 @defun split-string-and-unquote string &optional separators
 This function splits @var{string} into substrings at matches for the
diff --git a/lisp/subr.el b/lisp/subr.el
index ed2166a..e9e19d3 100644
--- a/lisp/subr.el
+++ b/lisp/subr.el
@@ -3706,7 +3706,10 @@ combine-and-quote-strings
   "Concatenate the STRINGS, adding the SEPARATOR (default \" \").
 This tries to quote the strings to avoid ambiguity such that
   (split-string-and-unquote (combine-and-quote-strings strs)) == strs
-Only some SEPARATORs will work properly."
+Only some SEPARATORs will work properly.
+
+Note that this is not intended to protect STRINGS from
+interpretation by shells, use `shell-quote-argument' for that."
   (let* ((sep (or separator " "))
          (re (concat "[\\\"]" "\\|" (regexp-quote sep))))
     (mapconcat
-- 
2.8.0


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* bug#20333: 24.3; Add warning about shell quoting to documentation of combine-and-quote-strings
  2016-07-03 14:03 ` npostavs
@ 2016-07-03 15:27   ` Philipp Stephani
  2016-07-03 15:34   ` Eli Zaretskii
  1 sibling, 0 replies; 5+ messages in thread
From: Philipp Stephani @ 2016-07-03 15:27 UTC (permalink / raw)
  To: npostavs; +Cc: 20333

[-- Attachment #1: Type: text/plain, Size: 529 bytes --]

<npostavs@users.sourceforge.net> schrieb am So., 3. Juli 2016 um 16:03 Uhr:

> tags 20333 patch
> quit
>
> Philipp Stephani <p.stephani2@gmail.com> writes:
>
> > Context and more discussion:
> > http://lists.gnu.org/archive/html/help-gnu-emacs/2015-04/msg00179.html
> >
> > It would be great if the documentation string and the Elisp manual about
> > `combine-and-quote-strings' could be made a bit clearer by explicitly
> > stating that this function is not useful for shell quoting.
>
> How about this:
>
>
Looks good, thanks.

[-- Attachment #2: Type: text/html, Size: 1062 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* bug#20333: 24.3; Add warning about shell quoting to documentation of combine-and-quote-strings
  2016-07-03 14:03 ` npostavs
  2016-07-03 15:27   ` Philipp Stephani
@ 2016-07-03 15:34   ` Eli Zaretskii
  2016-07-03 19:08     ` npostavs
  1 sibling, 1 reply; 5+ messages in thread
From: Eli Zaretskii @ 2016-07-03 15:34 UTC (permalink / raw)
  To: npostavs; +Cc: p.stephani2, 20333

> From: npostavs@users.sourceforge.net
> Date: Sun, 03 Jul 2016 10:03:55 -0400
> Cc: 20333@debbugs.gnu.org
> 
> >From 5a1d23231bcf3c279fd3b09654fb132513748e6c Mon Sep 17 00:00:00 2001
> From: Noam Postavsky <npostavs@gmail.com>
> Date: Sun, 3 Jul 2016 09:56:36 -0400
> Subject: [PATCH v1] Note combine-and-quote-strings doesn't shell quote
> 
> * doc/lispref/processes.texi (Shell Arguments):
> * lisp/subr.el (combine-and-quote-strings): Add a note that
> combine-and-quote-strings doesn't protect arguments against shell
> evaluation (Bug #20333).
> ---
>  doc/lispref/processes.texi | 5 +++++
>  lisp/subr.el               | 5 ++++-
>  2 files changed, 9 insertions(+), 1 deletion(-)
> 
> diff --git a/doc/lispref/processes.texi b/doc/lispref/processes.texi
> index 5bd0b11..b4542f6 100644
> --- a/doc/lispref/processes.texi
> +++ b/doc/lispref/processes.texi
> @@ -215,6 +215,11 @@ Shell Arguments
>  string arguments to be passed to @code{call-process} or
>  @code{start-process}, or for converting such lists of arguments into
>  a single Lisp string to be presented in the minibuffer or echo area.
> +Note that if a shell is involved (e.g., if using
> +@code{call-process-shell-command}), arguments should still be
> +protected by @code{shell-quote-argument};
> +@code{combine-and-quote-strings} is @emph{not} intended to protect
> +special characters from shell evaluation.
>  
>  @defun split-string-and-unquote string &optional separators
>  This function splits @var{string} into substrings at matches for the
> diff --git a/lisp/subr.el b/lisp/subr.el
> index ed2166a..e9e19d3 100644
> --- a/lisp/subr.el
> +++ b/lisp/subr.el
> @@ -3706,7 +3706,10 @@ combine-and-quote-strings
>    "Concatenate the STRINGS, adding the SEPARATOR (default \" \").
>  This tries to quote the strings to avoid ambiguity such that
>    (split-string-and-unquote (combine-and-quote-strings strs)) == strs
> -Only some SEPARATORs will work properly."
> +Only some SEPARATORs will work properly.
> +
> +Note that this is not intended to protect STRINGS from
> +interpretation by shells, use `shell-quote-argument' for that."
>    (let* ((sep (or separator " "))
>           (re (concat "[\\\"]" "\\|" (regexp-quote sep))))
>      (mapconcat
> -- 
> 2.8.0

LGTM, thanks.  This is good for emacs-25.





^ permalink raw reply	[flat|nested] 5+ messages in thread

* bug#20333: 24.3; Add warning about shell quoting to documentation of combine-and-quote-strings
  2016-07-03 15:34   ` Eli Zaretskii
@ 2016-07-03 19:08     ` npostavs
  0 siblings, 0 replies; 5+ messages in thread
From: npostavs @ 2016-07-03 19:08 UTC (permalink / raw)
  To: Eli Zaretskii; +Cc: p.stephani2, 20333

tags 20333 fixed
close 20333 25.1
quit

Eli Zaretskii <eliz@gnu.org> writes:
>
> LGTM, thanks.  This is good for emacs-25.

Pushed as 178b2f59





^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2016-07-03 19:08 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-04-14 19:03 bug#20333: 24.3; Add warning about shell quoting to documentation of combine-and-quote-strings Philipp Stephani
2016-07-03 14:03 ` npostavs
2016-07-03 15:27   ` Philipp Stephani
2016-07-03 15:34   ` Eli Zaretskii
2016-07-03 19:08     ` npostavs

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).