(forms-mode): Plug security hole by disabling `eval-buffer' unless

`enable-local-eval' is set to t. Correct setting of `forms--mode-setup'. (forms--local-write-file-function): New function to be used as `local-write-file-hooks'. (forms-mode): Use it. (forms-find-file,forms-find-file-other-window): Locally set `enable-local-eval' and `enable-local-variables' to t. (forms-find-file-other-window): Remove extraneous call to `eval-current-buffer'.
author: Richard M. Stallman 1994-06-13 12:07:44 +0000
committer: Richard M. Stallman 1994-06-13 12:07:44 +0000
commit: 485efad04beb4aebd59b06f4b3342c46c4104bf2 (patch)
tree: 78c519b130d828f323fb313d78481985e92d9bc8
parent: 03240d11038e8c52fe56a07685b6191009dd2b10 (diff)
download: emacs-485efad04beb4aebd59b06f4b3342c46c4104bf2.tar.gz
emacs-485efad04beb4aebd59b06f4b3342c46c4104bf2.zip
1 files changed, 36 insertions, 24 deletions
diff --git a/lisp/forms.el b/lisp/forms.el
index 083eb1cb53f..9418f2f2341 100644
--- a/lisp/forms.el
+++ b/lisp/forms.el
@@ -2,7 +2,7 @@
 ;;; Copyright (C) 1991, 1993 Free Software Foundation, Inc.
 ;; Author: Johan Vromans <jv@nl.net>
-;; Version: $Revision: 2.5 $
+;; Version: $Revision: 2.6 $
 ;; This file is part of GNU Emacs.
@@ -266,10 +266,10 @@
 (provide 'forms)                        ;;; official
 (provide 'forms-mode)                   ;;; for compatibility
-(defconst forms-version (substring "$Revision: 2.5 $" 11 -2)
+(defconst forms-version (substring "$Revision: 2.6 $" 11 -2)
  "The version number of forms-mode (as string).  The complete RCS id is:
-  $Id: forms.el,v 2.5 1994/05/07 01:52:42 kwzh Exp rms $")
+  $Id: forms.el,v 2.6 1994/05/22 22:07:37 rms Exp rms $")
 (defvar forms-mode-hooks nil
  "Hook functions to be run upon entering Forms mode.")
@@ -444,7 +444,13 @@ Commands:                        Equivalent keys in read-only mode:
        ;; eval the buffer, should set variables
        ;;(message "forms: processing control file...")
-        (eval-current-buffer)
+        ;; If enable-local-eval is not set to t the user is asked first.
+        (if (or (eq enable-local-eval t)
+                (yes-or-no-p 
+                 (concat "Evaluate lisp code in buffer "
+                         (buffer-name) " to display forms ")))
+            (eval-current-buffer)
+          (error "`enable-local-eval' inhibits buffer evaluation"))
        ;; check if the mandatory variables make sense.
        (or forms-file
@@ -514,6 +520,9 @@ Commands:                        Equivalent keys in read-only mode:
        ;;(message "forms: setting up... done.")
        ))
+  ;; initialization done
+  (setq forms--mode-setup t)
  ;; Copy desired faces to the actual variables used by the forms formatter.
  (if (fboundp 'make-face)
      (progn
@@ -595,9 +604,7 @@ Commands:                        Equivalent keys in read-only mode:
  ;; be helpful
  (forms--help)
+)
-  ;; initialization done
-  (setq forms--mode-setup t))
 (defun forms--process-format-list ()
  ;; Validate `forms-format-list' and set some global variables.
@@ -1163,19 +1170,13 @@ Commands:                        Equivalent keys in read-only mode:
                                   (current-local-map)
                                   (current-global-map))))
  ;;
-  ;; save-buffer -> forms--save-buffer
+  ;; Use local-write-file-hooks to invoke our own buffer save
+  ;; function. Note however that it usually does not work.
  (make-local-variable 'local-write-file-hooks)
-  (add-hook 'local-write-file-hooks
+  (add-hook 'local-write-file-hooks 'forms--local-write-file-function)
-            (function
+  ;; We have our own revert function - use it.
-             (lambda (nil)
-               (forms--checkmod)
-               (save-excursion
-                 (set-buffer forms--file-buffer)
-                 (save-buffer))
-               t)))
-  ;; We have our own revert function - use it
  (make-local-variable 'revert-buffer-function)
-  (setq revert-buffer-function 'forms-revert-buffer)
+  (setq revert-buffer-function 'forms--revert-buffer)
  t)
@@ -1366,16 +1367,19 @@ As a side effect: sets `forms--the-record-list'."
 (defun forms-find-file (fn)
  "Visit a file in Forms mode."
  (interactive "fForms file: ")
-  (find-file-read-only fn)
+  (let ((enable-local-eval t)
-  (or forms--mode-setup (forms-mode t)))
+        (enable-local-variables t))
+    (find-file-read-only fn)
+    (or forms--mode-setup (forms-mode t))))
 ;;;###autoload
 (defun forms-find-file-other-window (fn)
  "Visit a file in Forms mode in other window."
  (interactive "fFbrowse file in other window: ")
-  (find-file-other-window fn)
+  (let ((enable-local-eval t)
-  (eval-current-buffer)
+        (enable-local-variables t))
-  (or forms--mode-setup (forms-mode t)))
+    (find-file-other-window fn)
+    (or forms--mode-setup (forms-mode t))))
 (defun forms-exit (query)
  "Normal exit from Forms mode.  Modified buffers are saved."
@@ -1608,7 +1612,15 @@ it is called to fill (some of) the fields with default values."
          (re-search-forward regexp nil t))))
  (setq forms--search-regexp regexp))
-(defun forms-revert-buffer (&optional arg noconfirm)
+(defun forms--local-write-file-function ()
+  "Local write file hook."
+  (forms--checkmod)
+  (save-excursion
+    (set-buffer forms--file-buffer)
+    (save-buffer))
+  t)
+(defun forms--revert-buffer (&optional arg noconfirm)
  "Reverts current form to un-modified."
  (interactive "P")
  (if (or noconfirm
author	Richard M. Stallman	1994-06-13 12:07:44 +0000
committer	Richard M. Stallman	1994-06-13 12:07:44 +0000
commit	485efad04beb4aebd59b06f4b3342c46c4104bf2 (patch)
tree	78c519b130d828f323fb313d78481985e92d9bc8
parent	03240d11038e8c52fe56a07685b6191009dd2b10 (diff)
download	emacs-485efad04beb4aebd59b06f4b3342c46c4104bf2.tar.gz emacs-485efad04beb4aebd59b06f4b3342c46c4104bf2.zip

diff --git a/lisp/forms.el b/lisp/forms.el index 083eb1cb53f..9418f2f2341 100644 --- a/lisp/forms.el +++ b/lisp/forms.el
@@ -2,7 +2,7 @@
2	;;; Copyright (C) 1991, 1993 Free Software Foundation, Inc.	2	;;; Copyright (C) 1991, 1993 Free Software Foundation, Inc.
3		3
4	;; Author: Johan Vromans <jv@nl.net>	4	;; Author: Johan Vromans <jv@nl.net>
5	;; Version: $Revision: 2.5 $	5	;; Version: $Revision: 2.6 $
6		6
7	;; This file is part of GNU Emacs.	7	;; This file is part of GNU Emacs.
8		8
@@ -266,10 +266,10 @@
266	(provide 'forms) ;;; official	266	(provide 'forms) ;;; official
267	(provide 'forms-mode) ;;; for compatibility	267	(provide 'forms-mode) ;;; for compatibility
268		268
269	(defconst forms-version (substring "$Revision: 2.5 $" 11 -2)	269	(defconst forms-version (substring "$Revision: 2.6 $" 11 -2)
270	"The version number of forms-mode (as string). The complete RCS id is:	270	"The version number of forms-mode (as string). The complete RCS id is:
271		271
272	$Id: forms.el,v 2.5 1994/05/07 01:52:42 kwzh Exp rms $")	272	$Id: forms.el,v 2.6 1994/05/22 22:07:37 rms Exp rms $")
273		273
274	(defvar forms-mode-hooks nil	274	(defvar forms-mode-hooks nil
275	"Hook functions to be run upon entering Forms mode.")	275	"Hook functions to be run upon entering Forms mode.")
@@ -444,7 +444,13 @@ Commands: Equivalent keys in read-only mode:
444		444
445	;; eval the buffer, should set variables	445	;; eval the buffer, should set variables
446	;;(message "forms: processing control file...")	446	;;(message "forms: processing control file...")
447	(eval-current-buffer)	447	;; If enable-local-eval is not set to t the user is asked first.
		448	(if (or (eq enable-local-eval t)
		449	(yes-or-no-p
		450	(concat "Evaluate lisp code in buffer "
		451	(buffer-name) " to display forms ")))
		452	(eval-current-buffer)
		453	(error "`enable-local-eval' inhibits buffer evaluation"))
448		454
449	;; check if the mandatory variables make sense.	455	;; check if the mandatory variables make sense.
450	(or forms-file	456	(or forms-file
@@ -514,6 +520,9 @@ Commands: Equivalent keys in read-only mode:
514	;;(message "forms: setting up... done.")	520	;;(message "forms: setting up... done.")
515	))	521	))
516		522
		523	;; initialization done
		524	(setq forms--mode-setup t)
		525
517	;; Copy desired faces to the actual variables used by the forms formatter.	526	;; Copy desired faces to the actual variables used by the forms formatter.
518	(if (fboundp 'make-face)	527	(if (fboundp 'make-face)
519	(progn	528	(progn
@@ -595,9 +604,7 @@ Commands: Equivalent keys in read-only mode:
595		604
596	;; be helpful	605	;; be helpful
597	(forms--help)	606	(forms--help)
598		607	)
599	;; initialization done
600	(setq forms--mode-setup t))
601		608
602	(defun forms--process-format-list ()	609	(defun forms--process-format-list ()
603	;; Validate `forms-format-list' and set some global variables.	610	;; Validate `forms-format-list' and set some global variables.
@@ -1163,19 +1170,13 @@ Commands: Equivalent keys in read-only mode:
1163	(current-local-map)	1170	(current-local-map)
1164	(current-global-map))))	1171	(current-global-map))))
1165	;;	1172	;;
1166	;; save-buffer -> forms--save-buffer	1173	;; Use local-write-file-hooks to invoke our own buffer save
		1174	;; function. Note however that it usually does not work.
1167	(make-local-variable 'local-write-file-hooks)	1175	(make-local-variable 'local-write-file-hooks)
1168	(add-hook 'local-write-file-hooks	1176	(add-hook 'local-write-file-hooks 'forms--local-write-file-function)
1169	(function	1177	;; We have our own revert function - use it.
1170	(lambda (nil)
1171	(forms--checkmod)
1172	(save-excursion
1173	(set-buffer forms--file-buffer)
1174	(save-buffer))
1175	t)))
1176	;; We have our own revert function - use it
1177	(make-local-variable 'revert-buffer-function)	1178	(make-local-variable 'revert-buffer-function)
1178	(setq revert-buffer-function 'forms-revert-buffer)	1179	(setq revert-buffer-function 'forms--revert-buffer)
1179		1180
1180	t)	1181	t)
1181		1182
@@ -1366,16 +1367,19 @@ As a side effect: sets `forms--the-record-list'."
1366	(defun forms-find-file (fn)	1367	(defun forms-find-file (fn)
1367	"Visit a file in Forms mode."	1368	"Visit a file in Forms mode."
1368	(interactive "fForms file: ")	1369	(interactive "fForms file: ")
1369	(find-file-read-only fn)	1370	(let ((enable-local-eval t)
1370	(or forms--mode-setup (forms-mode t)))	1371	(enable-local-variables t))
		1372	(find-file-read-only fn)
		1373	(or forms--mode-setup (forms-mode t))))
1371		1374
1372	;;;###autoload	1375	;;;###autoload
1373	(defun forms-find-file-other-window (fn)	1376	(defun forms-find-file-other-window (fn)
1374	"Visit a file in Forms mode in other window."	1377	"Visit a file in Forms mode in other window."
1375	(interactive "fFbrowse file in other window: ")	1378	(interactive "fFbrowse file in other window: ")
1376	(find-file-other-window fn)	1379	(let ((enable-local-eval t)
1377	(eval-current-buffer)	1380	(enable-local-variables t))
1378	(or forms--mode-setup (forms-mode t)))	1381	(find-file-other-window fn)
		1382	(or forms--mode-setup (forms-mode t))))
1379		1383
1380	(defun forms-exit (query)	1384	(defun forms-exit (query)
1381	"Normal exit from Forms mode. Modified buffers are saved."	1385	"Normal exit from Forms mode. Modified buffers are saved."
@@ -1608,7 +1612,15 @@ it is called to fill (some of) the fields with default values."
1608	(re-search-forward regexp nil t))))	1612	(re-search-forward regexp nil t))))
1609	(setq forms--search-regexp regexp))	1613	(setq forms--search-regexp regexp))
1610		1614
1611	(defun forms-revert-buffer (&optional arg noconfirm)	1615	(defun forms--local-write-file-function ()
		1616	"Local write file hook."
		1617	(forms--checkmod)
		1618	(save-excursion
		1619	(set-buffer forms--file-buffer)
		1620	(save-buffer))
		1621	t)
		1622
		1623	(defun forms--revert-buffer (&optional arg noconfirm)
1612	"Reverts current form to un-modified."	1624	"Reverts current form to un-modified."
1613	(interactive "P")	1625	(interactive "P")
1614	(if (or noconfirm	1626	(if (or noconfirm