On 4/25/11 1:49 AM, Daniel Colascione wrote:
>> . Please install this only on the trunk. The emacs-23 branch should
>> not be destabilized by such experiments at this time.
>
> Fair enough.

I'd just like to note that it'd be a good idea to eventually backport this fix to Emacs 23: it's a security issue. The current shell-quote-argument doesn't, so (shell-command (format "cmd %s" (shell-quote-argument untrusted-input))) can run an arbitrary command.
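
Added example, not part of the original message or of Emacs itself: for callers that cannot rely on shell-quote-argument, one mitigation is to skip the shell and pass the untrusted value as a single argv element through call-process. The function name my/run-argv and the sample string are hypothetical, and the example assumes a POSIX printf on PATH.

```elisp
;;; Added example: run a program on untrusted input without a shell.
;;; `my/run-argv' is a hypothetical helper name, not an Emacs function.

(defun my/run-argv (program &rest args)
  "Run PROGRAM with ARGS as separate argv elements and return (STATUS . OUTPUT).
No shell is started, so ARGS are never parsed for metacharacters and no
quoting function is involved.  STATUS is the exit code, or a string
describing the signal if the process was killed."
  (with-temp-buffer
    ;; INFILE nil, DESTINATION t (current buffer), DISPLAY nil.
    (let ((status (apply #'call-process program nil t nil args)))
      (cons status (buffer-string)))))

;; Pattern from the message above, where correctness depends entirely on
;; `shell-quote-argument' neutralising every character the shell treats
;; specially:
;;
;;   (shell-command (format "cmd %s" (shell-quote-argument untrusted-input)))

;; Constructed sample input: a value containing characters that a shell
;; would interpret (separator, newline, substitution syntax).
(defvar my/sample-untrusted-input "name; echo SHOULD-NOT-RUN\n$(echo sub)"
  "Constructed test value for the example; not taken from the message.")

(defun my/demo-argv-roundtrip ()
  "Return non-nil if printf received the sample value as one literal argument."
  (let ((result (my/run-argv "printf" "%s" my/sample-untrusted-input)))
    (and (eql (car result) 0)
         ;; The output equals the input byte for byte: nothing was
         ;; split, expanded, or executed along the way.
         (string= (cdr result) my/sample-untrusted-input))))

;; Caveat: bypassing the shell does not stop the target program from
;; treating a value that begins with "-" as an option.  Place untrusted
;; operands after the program's own end-of-options marker where it has one.
```

Evaluating (my/demo-argv-roundtrip) checks that the value reaches the child process unchanged.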