Mention that shell quoting of % on w32 may fail (Bug#19350)

* doc/lispref/os.texi (Security Considerations): Mention that quoting of '%' assumes no '^' in variable names. * test/lisp/subr-tests.el (shell-quote-argument-%-on-w32): New test, demonstrating what doesn't work.
author: Noam Postavsky 2018-02-06 13:17:07 -0500
committer: Noam Postavsky 2018-02-08 19:10:11 -0500
commit: 2dd273b9853189f2105426cffa723ced7f329fb4 (patch)
tree: eff0676ce2be65d138af426c5341336b1f00023f
parent: 19fa6d561abd91e9ad71a6799c5ed4f582c9f351 (diff)
download: emacs-2dd273b9853189f2105426cffa723ced7f329fb4.tar.gz
emacs-2dd273b9853189f2105426cffa723ced7f329fb4.zip
2 files changed, 20 insertions, 1 deletions
diff --git a/doc/lispref/os.texi b/doc/lispref/os.texi
index 9352a929a7a..42be60449de 100644
--- a/doc/lispref/os.texi
+++ b/doc/lispref/os.texi
@@ -3042,7 +3042,9 @@ with @samp{-}, or might contain shell metacharacters like @samp{;}.
 Although functions like @code{shell-quote-argument} can help avoid
 this sort of problem, they are not panaceas; for example, on a POSIX
 platform @code{shell-quote-argument} quotes shell metacharacters but
-not leading @samp{-}.  @xref{Shell Arguments}.  Typically it is safer
+not leading @samp{-}.  On MS-Windows, quoting for @samp{%} assumes
+none of the environment variables have @samp{^} in their name.
+@xref{Shell Arguments}.  Typically it is safer
 to use @code{call-process} than a subshell.  @xref{Synchronous
 Processes}.  And it is safer yet to use builtin Emacs functions; for
 example, use @code{(rename-file "@var{a}" "@var{b}" t)} instead of
diff --git a/test/lisp/subr-tests.el b/test/lisp/subr-tests.el
index efafdcf8325..430d719037f 100644
--- a/test/lisp/subr-tests.el
+++ b/test/lisp/subr-tests.el
@@ -307,5 +307,22 @@ cf. Bug#25477."
  (should (eq (string-to-char (symbol-name (gensym))) ?g))
  (should (eq (string-to-char (symbol-name (gensym "X"))) ?X)))
+(ert-deftest shell-quote-argument-%-on-w32 ()
+  "Quoting of `%' in w32 shells isn't perfect.
+See https://debbugs.gnu.org/cgi/bugreport.cgi?bug=19350."
+  :expected-result :failed
+  (skip-unless (and (fboundp 'w32-shell-dos-semantics)
+                    (w32-shell-dos-semantics)))
+  (let ((process-environment (append '("ca^=with-caret"
+                                       "ca=without-caret")
+                                     process-environment)))
+    ;; It actually results in
+    ;;    without-caret with-caret
+    (should (equal (shell-command-to-string
+                    (format "echo %s %s"
+                            "%ca%"
+                            (shell-quote-argument "%ca%")))
+                   "without-caret %ca%"))))
 (provide 'subr-tests)
 ;;; subr-tests.el ends here
author	Noam Postavsky	2018-02-06 13:17:07 -0500
committer	Noam Postavsky	2018-02-08 19:10:11 -0500
commit	2dd273b9853189f2105426cffa723ced7f329fb4 (patch)
tree	eff0676ce2be65d138af426c5341336b1f00023f
parent	19fa6d561abd91e9ad71a6799c5ed4f582c9f351 (diff)
download	emacs-2dd273b9853189f2105426cffa723ced7f329fb4.tar.gz emacs-2dd273b9853189f2105426cffa723ced7f329fb4.zip

diff --git a/doc/lispref/os.texi b/doc/lispref/os.texi index 9352a929a7a..42be60449de 100644 --- a/doc/lispref/os.texi +++ b/doc/lispref/os.texi
@@ -3042,7 +3042,9 @@ with @samp{-}, or might contain shell metacharacters like @samp{;}.
3042	Although functions like @code{shell-quote-argument} can help avoid	3042	Although functions like @code{shell-quote-argument} can help avoid
3043	this sort of problem, they are not panaceas; for example, on a POSIX	3043	this sort of problem, they are not panaceas; for example, on a POSIX
3044	platform @code{shell-quote-argument} quotes shell metacharacters but	3044	platform @code{shell-quote-argument} quotes shell metacharacters but
3045	not leading @samp{-}. @xref{Shell Arguments}. Typically it is safer	3045	not leading @samp{-}. On MS-Windows, quoting for @samp{%} assumes
		3046	none of the environment variables have @samp{^} in their name.
		3047	@xref{Shell Arguments}. Typically it is safer
3046	to use @code{call-process} than a subshell. @xref{Synchronous	3048	to use @code{call-process} than a subshell. @xref{Synchronous
3047	Processes}. And it is safer yet to use builtin Emacs functions; for	3049	Processes}. And it is safer yet to use builtin Emacs functions; for
3048	example, use @code{(rename-file "@var{a}" "@var{b}" t)} instead of	3050	example, use @code{(rename-file "@var{a}" "@var{b}" t)} instead of


diff --git a/test/lisp/subr-tests.el b/test/lisp/subr-tests.el index efafdcf8325..430d719037f 100644 --- a/test/lisp/subr-tests.el +++ b/test/lisp/subr-tests.el
@@ -307,5 +307,22 @@ cf. Bug#25477."
307	(should (eq (string-to-char (symbol-name (gensym))) ?g))	307	(should (eq (string-to-char (symbol-name (gensym))) ?g))
308	(should (eq (string-to-char (symbol-name (gensym "X"))) ?X)))	308	(should (eq (string-to-char (symbol-name (gensym "X"))) ?X)))
309		309
		310	(ert-deftest shell-quote-argument-%-on-w32 ()
		311	"Quoting of `%' in w32 shells isn't perfect.
		312	See https://debbugs.gnu.org/cgi/bugreport.cgi?bug=19350."
		313	:expected-result :failed
		314	(skip-unless (and (fboundp 'w32-shell-dos-semantics)
		315	(w32-shell-dos-semantics)))
		316	(let ((process-environment (append '("ca^=with-caret"
		317	"ca=without-caret")
		318	process-environment)))
		319	;; It actually results in
		320	;; without-caret with-caret
		321	(should (equal (shell-command-to-string
		322	(format "echo %s %s"
		323	"%ca%"
		324	(shell-quote-argument "%ca%")))
		325	"without-caret %ca%"))))
		326
310	(provide 'subr-tests)	327	(provide 'subr-tests)
311	;;; subr-tests.el ends here	328	;;; subr-tests.el ends here