changeset 111024:de3915e14c4c

Use unsafep to check for theme safety. * cus-face.el (custom-theme-set-faces): Mark as a safe function. * custom.el (custom-theme-set-variables): Mark as a safe function. (load-theme): Check forms using unsafep.
author Chong Yidong <cyd@stupidchicken.com>
date Mon, 18 Oct 2010 13:26:25 -0400
parents a59302c4ca9e
children 54ea07fb88fc
files lisp/ChangeLog lisp/cus-face.el lisp/custom.el
diffstat 3 files changed, 26 insertions(+), 20 deletions(-) [+]
--- a/lisp/ChangeLog	Mon Oct 18 18:01:43 2010 +0200
+++ b/lisp/ChangeLog	Mon Oct 18 13:26:25 2010 -0400
@@ -1,3 +1,10 @@
+2010-10-18  Chong Yidong  <cyd@stupidchicken.com>
+
+	* custom.el (custom-theme-set-variables): Mark as a safe function.
+	(load-theme): Check forms using unsafep.
+
+	* cus-face.el (custom-theme-set-faces): Mark as a safe function.
+
 2010-10-17  Agustín Martín  <agustin.martin@hispalinux.es>
 
 	* textmodes/ispell.el (ispell-aspell-find-dictionary): Fix
--- a/lisp/cus-face.el	Mon Oct 18 18:01:43 2010 +0200
+++ b/lisp/cus-face.el	Mon Oct 18 13:26:25 2010 -0400
@@ -349,6 +349,8 @@
 	      (put face 'face-override-spec nil)
 	      (face-spec-set face spec t))))))))
 
+(put 'custom-theme-set-faces 'safe-function t)
+
 ;; XEmacs compability function.  In XEmacs, when you reset a Custom
 ;; Theme, you have to specify the theme to reset it to.  We just apply
 ;; the next theme.
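Review bot: The `safe-function` property put on `custom-theme-set-faces` is global, so every caller of `unsafep`, not only `load-theme`, will now accept calls to it; the custom.el hunk does the same for `custom-theme-set-variables`. The variable setter deserves a closer look, because `unsafep` vets only the call form and quoted arguments pass as plain data, while the setter (its body lies mostly outside these hunks) appears to evaluate the EXP element of each entry once the theme is enabled. If that holds, the property asserts more than the function guarantees. Consider keeping the allow-list local to `load-theme`, or at least add above each `put` a comment such as `;; Marked safe for load-theme; entry values are still evaluated when the theme is enabled.`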
--- a/lisp/custom.el	Mon Oct 18 18:01:43 2010 +0200
+++ b/lisp/custom.el	Mon Oct 18 13:26:25 2010 -0400
@@ -993,6 +993,8 @@
 	  (and (or now (default-boundp symbol))
 	       (put symbol 'variable-comment comment)))))))
 
+(put 'custom-theme-set-variables 'safe-function t)
+
 
 ;;; Defining themes.
 
@@ -1134,32 +1136,27 @@
     (with-temp-buffer
       (insert-file-contents fn)
       (let ((custom--inhibit-theme-enable no-enable)
-	    sexp scar)
-	(while (setq sexp (let ((read-circle nil))
+	    form scar)
+	(while (setq form (let ((read-circle nil))
 			    (condition-case nil
 				(read (current-buffer))
 			      (end-of-file nil))))
-	  ;; Perform some checks on each sexp before evaluating it.
 	  (cond
-	   ((not (listp sexp)))
-	   ((eq (setq scar (car sexp)) 'deftheme)
-	    (unless (eq (cadr sexp) theme)
+	   ;; Check `deftheme' expressions.
+	   ((eq (setq scar (car form)) 'deftheme)
+	    (unless (eq (cadr form) theme)
 	      (error "Incorrect theme name in `deftheme'"))
-	    (and (symbolp (nth 1 sexp))
-		 (stringp (nth 2 sexp))
-		 (eval (list scar (nth 1 sexp) (nth 2 sexp)))))
-	   ((or (eq scar 'custom-theme-set-variables)
-		(eq scar 'custom-theme-set-faces))
-	    (unless (equal (nth 1 sexp) `(quote ,theme))
-	      (error "Incorrect theme name in theme settings"))
-	    (dolist (entry (cddr sexp))
-	      (unless (eq (car-safe entry) 'quote)
-		(error "Unsafe expression in theme settings")))
-	    (eval sexp))
+	    (and (symbolp (nth 1 form))
+		 (stringp (nth 2 form))
+		 (eval (list scar (nth 1 form) (nth 2 form)))))
+	   ;; Check `provide-theme' expressions.
 	   ((and (eq scar 'provide-theme)
-		 (equal (cadr sexp) `(quote ,theme))
-		 (= (length sexp) 2))
-	    (eval sexp))))))))
+		 (equal (cadr form) `(quote ,theme))
+		 (= (length form) 2))
+	    (eval form))
+	   ;; All other expressions need to be safe.
+	   ((not (unsafep form))
+	    (eval form))))))))
 
 (defun custom-theme-name-valid-p (name)
   "Return t if NAME is a valid name for a Custom theme, nil otherwise.
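Review bot: The rewritten `cond` drops the old `(not (listp sexp))` guard, so `(car form)` in the `deftheme` clause signals `wrong-type-argument` when a theme file contains a top-level atom such as a string or number; `(setq scar (car-safe form))` keeps the previous skip behaviour. The check that setter calls name the theme being loaded (`(equal (nth 1 sexp) (quote ,theme))` on the removed side) is also gone, and `unsafep` does not look at which theme a `custom-theme-set-*` call targets, so a theme file can now record settings under a different theme's name. Forms that `unsafep` rejects are skipped silently; a `(message "Skipping unsafe form in theme %s" theme)` in a final clause would tell the user the theme was only partly applied. The body of `load-theme` starts outside this hunk.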