Add missing calls to the shellescape() function (#1099)

* Improve "g:NERDTreeQuickLook()"

The following improvements were made...

  - Use variable sigils
  - Shorten a local variable name
  - Prefer an early return over testing for a negative
  - Switch to single quotes
  - Call "shellescape()" to pass a command argument [IMPORTANT!]

The final change is a critical fix for the security and reliability
of this function (see ":h system()").

Similar fixes for the other functions in this script will follow.

* Improve "g:NERDTreeRevealInFinder()"

This commit makes several style improvements and adds a missing call
to the "shellescape()" function.

See also: 56cfbcff1e

* Improve "g:NERDTreeExecuteFile()"

Refer to: 56cfbcff1e

* Improve "g:NERDTreeRevealFileLinux()"

Refer to: 56cfbcff1e

* Improve "g:NERDTreeExecuteFileLinux()"

Refer to: 56cfbcff1e

* Properly reveal "/" on Linux

This commit handles the edge case where a user invokes the "reveal"
function on "/" on a Linux box.  There is nothing to do but open the
root directory itself since "/" has no parent.

* Update the "CHANGELOG.md" file

* Add final missing "shellescape()" calls

I initially thought that there were several more locations where
a call to "shellescape()" was required but omitted.  However, there
are only two.  I suppose I should have taken the time to look.

Fixing these was easy.  I would be surprised if this change breaks
anything on the user side.

* Update the "CHANGELOG.md" file (again)

Use a more fitting description of the change...

nerdtree_plugin/fs_menu.vim

@@ -388,44 +388,67 @@ endfunction
 
 " FUNCTION: NERDTreeQuickLook() {{{1
 function! NERDTreeQuickLook()
-    let treenode = g:NERDTreeFileNode.GetSelected()
-    if treenode !=# {}
-        call system("qlmanage -p 2>/dev/null '" . treenode.path.str() . "'")
+    let l:node = g:NERDTreeFileNode.GetSelected()
+
+    if empty(l:node)
+        return
     endif
+
+    call system('qlmanage -p 2>/dev/null ' . shellescape(l:node.path.str()))
 endfunction
 
 " FUNCTION: NERDTreeRevealInFinder() {{{1
 function! NERDTreeRevealInFinder()
-    let treenode = g:NERDTreeFileNode.GetSelected()
-    if treenode !=# {}
-        call system("open -R '" . treenode.path.str() . "'")
+    let l:node = g:NERDTreeFileNode.GetSelected()
+
+    if empty(l:node)
+        return
     endif
+
+    call system('open -R ' . shellescape(l:node.path.str()))
 endfunction
 
 " FUNCTION: NERDTreeExecuteFile() {{{1
 function! NERDTreeExecuteFile()
-    let treenode = g:NERDTreeFileNode.GetSelected()
-    if treenode !=# {}
-        call system("open '" . treenode.path.str() . "'")
+    let l:node = g:NERDTreeFileNode.GetSelected()
+
+    if empty(l:node)
+        return
     endif
+
+    call system('open ' . shellescape(l:node.path.str()))
 endfunction
 
 " FUNCTION: NERDTreeRevealFileLinux() {{{1
 function! NERDTreeRevealFileLinux()
-    let treenode = g:NERDTreeFileNode.GetSelected()
-    let parentnode = treenode.parent
-    if parentnode !=# {}
-        call system("xdg-open '" . parentnode.path.str() . "' &")
+    let l:node = g:NERDTreeFileNode.GetSelected()
+
+    if empty(l:node)
+        return
     endif
+
+    " Handle the edge case of "/", which has no parent.
+    if l:node.path.str() ==# '/'
+        call system('xdg-open /')
+        return
+    endif
+
+    if empty(l:node.parent)
+        return
+    endif
+
+    call system('xdg-open ' . shellescape(l:node.parent.path.str()))
 endfunction
 
 " FUNCTION: NERDTreeExecuteFileLinux() {{{1
 function! NERDTreeExecuteFileLinux()
-    let treenode = g:NERDTreeFileNode.GetSelected()
-    if treenode !=# {}
-        call system("xdg-open '" . treenode.path.str() . "' &")
+    let l:node = g:NERDTreeFileNode.GetSelected()
+
+    if empty(l:node)
+        return
     endif
+
+    call system('xdg-open ' . shellescape(l:node.path.str()))
 endfunction
 
 " vim: set sw=4 sts=4 et fdm=marker:
-