Merge branch 'bugfix'

This commit is contained in:
Ihor Radchenko 2023-01-02 10:53:14 +03:00
commit e002168d64
No known key found for this signature in database
GPG Key ID: 6470762A7DA11D8B
2 changed files with 5 additions and 10 deletions

View File

@ -1689,6 +1689,7 @@ shown below.
(append (append
(split-string (if (stringp raw-result) (split-string (if (stringp raw-result)
raw-result raw-result
;; FIXME: Arbitrary code evaluation.
(eval raw-result t))) (eval raw-result t)))
(cdr (assq :result-params params)))))) (cdr (assq :result-params params))))))
(append (append
@ -2859,6 +2860,7 @@ parameters when merging lists."
(split-string (split-string
(cond ((stringp value) value) (cond ((stringp value) value)
((functionp value) (funcall value)) ((functionp value) (funcall value))
;; FIXME: Arbitrary code evaluation.
(t (eval value t))))))) (t (eval value t)))))))
(`(:exports . ,value) (`(:exports . ,value)
(setq exports (funcall merge (setq exports (funcall merge
@ -3187,16 +3189,8 @@ situations in which is it not appropriate."
((and (not inhibit-lisp-eval) ((and (not inhibit-lisp-eval)
(or (memq (string-to-char cell) '(?\( ?' ?` ?\[)) (or (memq (string-to-char cell) '(?\( ?' ?` ?\[))
(string= cell "*this*"))) (string= cell "*this*")))
;; Prevent arbitrary function calls. ;; FIXME: Arbitrary code evaluation.
(if (and (memq (string-to-char cell) '(?\( ?`)) (eval (read cell) t))
(not (org-babel-confirm-evaluate
;; See `org-babel-get-src-block-info'.
(list "emacs-lisp" cell
'((:eval . yes)) nil (format "%s" cell)
nil nil))))
;; Not allowed.
(user-error "Evaluation of elisp code %S aborted." cell)
(eval (read cell) t)))
((save-match-data ((save-match-data
(and (string-match "^[[:space:]]*\"\\(.*\\)\"[[:space:]]*$" cell) (and (string-match "^[[:space:]]*\"\\(.*\\)\"[[:space:]]*$" cell)
(not (string-match "[^\\]\"" (match-string 1 cell))))) (not (string-match "[^\\]\"" (match-string 1 cell)))))

View File

@ -2614,6 +2614,7 @@ location of point."
(if lispp (if lispp
(setq ev (condition-case nil (setq ev (condition-case nil
;; FIXME: Arbitrary code evaluation.
(eval (eval (read form))) (eval (eval (read form)))
(error "#ERROR")) (error "#ERROR"))
ev (if (numberp ev) (number-to-string ev) ev) ev (if (numberp ev) (number-to-string ev) ev)