GNU bug report logs -
#19350
24.4; Incorrect quoting of %-signs for Windows command shell
Previous Next
Reported by: Demetrios Obenour <demetriobenour <at> gmail.com>
Date: Thu, 11 Dec 2014 18:45:02 UTC
Severity: minor
Tags: confirmed, wontfix
Found in version 24.4
Done: Noam Postavsky <npostavs <at> users.sourceforge.net>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
> From: npostavs <at> users.sourceforge.net
> Date: Sun, 14 Aug 2016 23:13:43 -0400
> Cc: 19350 <at> debbugs.gnu.org
>
> Hmm, maybe we could fix this by making Emacs refuse to apply environment
> variables with names ending in carets?
I'm very much against disallowing perfectly valid (if rare) use cases
just because someone malicious can take advantage of that.
From my POV, as long as Emacs itself doesn't produce such shell
commands and/or environment variables for any of its features,
avoiding this becomes user's responsibility, just like when working at
the shell prompt. Of course, if we can find a reliable solution to
the problem that doesn't take away features, that'd be better, but
failing that, I'm okay with leaving this alone, perhaps documenting
somewhere that using % in shell commands when there are environment
variables ending in ^ could produce surprising results.
Thanks.
This bug report was last modified 7 years and 102 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.