From 178b2f590982e37991bc72b08a9e02b64d750601 Mon Sep 17 00:00:00 2001
From: Noam Postavsky <npostavs@gmail.com>
Date: Sun, 3 Jul 2016 09:56:36 -0400
Subject: Note combine-and-quote-strings doesn't shell quote

* doc/lispref/processes.texi (Shell Arguments):
* lisp/subr.el (combine-and-quote-strings): Add a note that
combine-and-quote-strings doesn't protect arguments against shell
evaluation (Bug #20333).
---
 doc/lispref/processes.texi | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'doc')

diff --git a/doc/lispref/processes.texi b/doc/lispref/processes.texi
index 5bd0b11cda..b4542f65cc 100644
--- a/doc/lispref/processes.texi
+++ b/doc/lispref/processes.texi
@@ -215,6 +215,11 @@ converting user input in the minibuffer, a Lisp string, into a list of
 string arguments to be passed to @code{call-process} or
 @code{start-process}, or for converting such lists of arguments into
 a single Lisp string to be presented in the minibuffer or echo area.
+Note that if a shell is involved (e.g., if using
+@code{call-process-shell-command}), arguments should still be
+protected by @code{shell-quote-argument};
+@code{combine-and-quote-strings} is @emph{not} intended to protect
+special characters from shell evaluation.
 
 @defun split-string-and-unquote string &optional separators
 This function splits @var{string} into substrings at matches for the
-- 
cgit v1.2.3