# HG changeset patch # User Richard M. Stallman # Date 771509264 0 # Node ID c4adb74016043f897b6f50f66348b11bfef2b4fa # Parent 0b6f46029ea21042e13b7be334108a7e51e57d4d (forms-mode): Plug security hole by disabling `eval-buffer' unless `enable-local-eval' is set to t. Correct setting of `forms--mode-setup'. (forms--local-write-file-function): New function to be used as `local-write-file-hooks'. (forms-mode): Use it. (forms-find-file,forms-find-file-other-window): Locally set `enable-local-eval' and `enable-local-variables' to t. (forms-find-file-other-window): Remove extraneous call to `eval-current-buffer'. diff -r 0b6f46029ea2 -r c4adb7401604 lisp/forms.el --- a/lisp/forms.el Sun Jun 12 19:58:00 1994 +0000 +++ b/lisp/forms.el Mon Jun 13 12:07:44 1994 +0000 @@ -2,7 +2,7 @@ ;;; Copyright (C) 1991, 1993 Free Software Foundation, Inc. ;; Author: Johan Vromans -;; Version: $Revision: 2.5 $ +;; Version: $Revision: 2.6 $ ;; This file is part of GNU Emacs. @@ -266,10 +266,10 @@ (provide 'forms) ;;; official (provide 'forms-mode) ;;; for compatibility -(defconst forms-version (substring "$Revision: 2.5 $" 11 -2) +(defconst forms-version (substring "$Revision: 2.6 $" 11 -2) "The version number of forms-mode (as string). The complete RCS id is: - $Id: forms.el,v 2.5 1994/05/07 01:52:42 kwzh Exp rms $") + $Id: forms.el,v 2.6 1994/05/22 22:07:37 rms Exp rms $") (defvar forms-mode-hooks nil "Hook functions to be run upon entering Forms mode.") @@ -444,7 +444,13 @@ ;; eval the buffer, should set variables ;;(message "forms: processing control file...") - (eval-current-buffer) + ;; If enable-local-eval is not set to t the user is asked first. + (if (or (eq enable-local-eval t) + (yes-or-no-p + (concat "Evaluate lisp code in buffer " + (buffer-name) " to display forms "))) + (eval-current-buffer) + (error "`enable-local-eval' inhibits buffer evaluation")) ;; check if the mandatory variables make sense. (or forms-file 
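Review bot: The new guard in `forms-mode` (hunk at -444) prompts whenever `enable-local-eval` is anything other than `t`, and that includes `nil`, which in Emacs means "never evaluate"; a user who set it to `nil` should get the error without being asked. Consider `(if (or (eq enable-local-eval t) (and enable-local-eval (yes-or-no-p ...)))` so that only the query setting prompts. The `error` text also blames `enable-local-eval` when the user simply answered no, and the prompt string ends in "forms " with no question mark. The enclosing `forms-mode` body starts and ends outside the hunk.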
@@ -514,6 +520,9 @@ ;;(message "forms: setting up... done.") )) + ;; initialization done + (setq forms--mode-setup t) + ;; Copy desired faces to the actual variables used by the forms formatter. (if (fboundp 'make-face) (progn @@ -595,9 +604,7 @@ ;; be helpful (forms--help) - - ;; initialization done - (setq forms--mode-setup t)) +) (defun forms--process-format-list () ;; Validate `forms-format-list' and set some global variables. @@ -1163,19 +1170,13 @@ (current-local-map) (current-global-map)))) ;; - ;; save-buffer -> forms--save-buffer + ;; Use local-write-file-hooks to invoke our own buffer save + ;; function. Note however that it usually does not work. (make-local-variable 'local-write-file-hooks) - (add-hook 'local-write-file-hooks - (function - (lambda (nil) - (forms--checkmod) - (save-excursion - (set-buffer forms--file-buffer) - (save-buffer)) - t))) - ;; We have our own revert function - use it + (add-hook 'local-write-file-hooks 'forms--local-write-file-function) + ;; We have our own revert function - use it. (make-local-variable 'revert-buffer-function) - (setq revert-buffer-function 'forms-revert-buffer) + (setq revert-buffer-function 'forms--revert-buffer) t) @@ -1366,16 +1367,19 @@ (defun forms-find-file (fn) "Visit a file in Forms mode." (interactive "fForms file: ") - (find-file-read-only fn) - (or forms--mode-setup (forms-mode t))) + (let ((enable-local-eval t) + (enable-local-variables t)) + (find-file-read-only fn) + (or forms--mode-setup (forms-mode t)))) ;;;###autoload (defun forms-find-file-other-window (fn) "Visit a file in Forms mode in other window." (interactive "fFbrowse file in other window: ") - (find-file-other-window fn) - (eval-current-buffer) - (or forms--mode-setup (forms-mode t))) + (let ((enable-local-eval t) + (enable-local-variables t)) + (find-file-other-window fn) + (or forms--mode-setup (forms-mode t)))) (defun forms-exit (query) "Normal exit from Forms mode. Modified buffers are saved." 
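Review bot: The added comment on `local-write-file-hooks` (hunk at -1163) says the hook "usually does not work" but not what fails or which path saves the data file in that case. A maintainer reading it cannot tell whether the hook is a fallback or dead code. The comment should name the failing condition and the function that does the save when the hook is bypassed; neither is visible in this hunk, so the author needs to supply them.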
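Review bot: In `forms-find-file` and `forms-find-file-other-window` (hunk at -1366) the `let` binds `enable-local-eval` and `enable-local-variables` to `t` around the `find-file` call as well as `forms-mode`. Any file named at the prompt therefore has its local-variables list, `eval:` entries included, processed without the user's configured confirmation, and the prompt this commit adds to `forms-mode` is never reached from these commands. If the intent is only to treat the explicit command as consent to evaluate the control file, narrow the binding to the mode call: `(find-file-read-only fn)` followed by `(or forms--mode-setup (let ((enable-local-eval t)) (forms-mode t)))`. A control file that selects forms mode through its mode line would then presumably prompt during `find-file`, which is the safer default. The docstrings should also say that these commands evaluate the visited file as Lisp.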
@@ -1608,7 +1612,15 @@ (re-search-forward regexp nil t)))) (setq forms--search-regexp regexp)) -(defun forms-revert-buffer (&optional arg noconfirm) +(defun forms--local-write-file-function () + "Local write file hook." + (forms--checkmod) + (save-excursion + (set-buffer forms--file-buffer) + (save-buffer)) + t) + +(defun forms--revert-buffer (&optional arg noconfirm) "Reverts current form to un-modified." (interactive "P") (if (or noconfirm
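Review bot: `forms--local-write-file-function` gets only "Local write file hook." as its docstring, which does not say that it saves the buffer in `forms--file-buffer` rather than the current one, or why it returns `t`. Suggested docstring: `"Save the buffer in forms--file-buffer in place of the current buffer; return t so the caller treats the write as done."` The rename to `forms--revert-buffer` also drops the old name `forms-revert-buffer` without an alias while keeping `(interactive "P")` on a function now marked internal, so either keep an alias for existing callers or drop the interactive spec. The body of `forms--revert-buffer` continues outside the hunk.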