Mention that shell quoting of % on w32 may fail (Bug#19350)

* doc/lispref/os.texi (Security Considerations): Mention that quoting
of '%' assumes no '^' in variable names.
* test/lisp/subr-tests.el (shell-quote-argument-%-on-w32): New test,
demonstrating what doesn't work.

doc/lispref/os.texi

@@ -3042,7 +3042,9 @@ with @samp{-}, or might contain shell metacharacters like @samp{;}.
 Although functions like @code{shell-quote-argument} can help avoid
 this sort of problem, they are not panaceas; for example, on a POSIX
 platform @code{shell-quote-argument} quotes shell metacharacters but
-not leading @samp{-}.  @xref{Shell Arguments}.  Typically it is safer
+not leading @samp{-}.  On MS-Windows, quoting for @samp{%} assumes
+none of the environment variables have @samp{^} in their name.
+@xref{Shell Arguments}.  Typically it is safer
 to use @code{call-process} than a subshell.  @xref{Synchronous
 Processes}.  And it is safer yet to use builtin Emacs functions; for
 example, use @code{(rename-file "@var{a}" "@var{b}" t)} instead of

test/lisp/subr-tests.el

@@ -307,5 +307,22 @@ cf. Bug#25477."
   (should (eq (string-to-char (symbol-name (gensym))) ?g))
   (should (eq (string-to-char (symbol-name (gensym "X"))) ?X)))
 
+(ert-deftest shell-quote-argument-%-on-w32 ()
+  "Quoting of `%' in w32 shells isn't perfect.
+See https://debbugs.gnu.org/cgi/bugreport.cgi?bug=19350."
+  :expected-result :failed
+  (skip-unless (and (fboundp 'w32-shell-dos-semantics)
+                    (w32-shell-dos-semantics)))
+  (let ((process-environment (append '("ca^=with-caret"
+                                       "ca=without-caret")
+                                     process-environment)))
+    ;; It actually results in
+    ;;    without-caret with-caret
+    (should (equal (shell-command-to-string
+                    (format "echo %s %s"
+                            "%ca%"
+                            (shell-quote-argument "%ca%")))
+                   "without-caret %ca%"))))
+
 (provide 'subr-tests)
 ;;; subr-tests.el ends here