Record "safe themes" as sha1 hashes, as suggested by Stefan Monnier.

* lisp/custom.el (custom-safe-themes): Rename from custom-safe-theme-files. Add :risky tag. (load-theme, custom-theme-load-confirm): Save sha1 hashes to custom-safe-themes, not filenames. Suggested by Stefan Monnier.
author: Chong Yidong 2011-01-08 23:59:56 -0500
committer: Chong Yidong 2011-01-08 23:59:56 -0500
commit: b7617f6d8b78434a5b208df8a17a8cf8d68b4d7c (patch)
tree: 12e6a004cb8912d03b80f7695b21f701569bce2b
parent: 900503ae7959dc465c3897f3deafd55e09a93ee3 (diff)
download: emacs-b7617f6d8b78434a5b208df8a17a8cf8d68b4d7c.tar.gz
emacs-b7617f6d8b78434a5b208df8a17a8cf8d68b4d7c.zip
3 files changed, 81 insertions, 71 deletions
diff --git a/etc/NEWS b/etc/NEWS
index 0fd74252601..2db17e550d0 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -219,9 +219,10 @@ Emacs no longer looks for custom themes in `load-path'.  The default
 is to search in `custom-theme-directory', followed by a built-in theme
 directory named "themes/" in `data-directory'.
-*** New option `custom-safe-theme-files' lists known-safe theme files.
+*** New option `custom-safe-themes' records known-safe theme files.
-If a theme is not in this list, Emacs queries before loading it.
+If a theme is not in this list, Emacs queries before loading it, and
-The default value treats all themes included in Emacs as safe.
+offers to save the theme to `custom-safe-themes' automatically.  By
+default, all themes included in Emacs are treated as safe.
 ** The user option `remote-file-name-inhibit-cache' controls whether
 the remote file-name cache is used for read access.
diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 1a1f9205793..c09c89a5efa 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,5 +1,12 @@
 2011-01-09  Chong Yidong  <cyd@stupidchicken.com>
+        * custom.el (custom-safe-themes): Rename from
+        custom-safe-theme-files.  Add :risky tag.
+        (load-theme, custom-theme-load-confirm): Save sha1 hashes to
+        custom-safe-themes, not filenames.  Suggested by Stefan Monnier.
+2011-01-09  Chong Yidong  <cyd@stupidchicken.com>
        * tool-bar.el (tool-bar-setup): Remove Help button.  Remove label
        from Search and add a label to Undo.
diff --git a/lisp/custom.el b/lisp/custom.el
index f984d132dd1..6a0beae749e 100644
--- a/lisp/custom.el
+++ b/lisp/custom.el
@@ -1105,14 +1105,16 @@ property `theme-feature' (which is usually a symbol created by
    (let ((custom-enabling-themes t))
      (enable-theme 'user))))
-(defcustom custom-safe-theme-files '(default)
+(defcustom custom-safe-themes '(default)
-  "List of theme files that are considered safe to load.
+  "List of themes that are considered safe to load.
-Each list element should be either an absolute file name, or the
+Each list element should be the `sha1' hash of a theme file, or
-symbol `default', which stands for the built-in Emacs theme
+the symbol `default', which stands for any theme in the built-in
-directory (a directory named \"themes\" in `data-directory'."
+Emacs theme directory (a directory named \"themes\" in
+`data-directory')."
  :type '(repeat
-          (choice file (const :tag "Built-in theme directory" default)))
+          (choice string (const :tag "Built-in themes" default)))
  :group 'customize
+  :risky t
  :version "24.1")
 (defvar safe-functions) ; From unsafep.el
@@ -1140,74 +1142,74 @@ in one of the directories specified by `custom-theme-load-path'."
    (put theme 'theme-documentation nil))
  (let ((fn (locate-file (concat (symbol-name theme) "-theme.el")
                         (custom-theme--load-path)
-                         '("" "c"))))
+                         '("" "c")))
+        hash)
    (unless fn
      (error "Unable to find theme file for `%s'." theme))
-    ;; Check file safety.
+    (with-temp-buffer
-    (when (or (and (memq 'default custom-safe-theme-files)
+      (insert-file-contents fn)
-                   (equal (file-name-directory fn)
+      (setq hash (sha1 (current-buffer)))
-                          (expand-file-name "themes/" data-directory)))
+      ;; Check file safety.
-              (member fn custom-safe-theme-files)
+      (when (or (and (memq 'default custom-safe-themes)
-              ;; If the file is not in the builtin theme directory or
+                     (equal (file-name-directory fn)
-              ;; in `custom-safe-theme-files', check it with unsafep.
+                            (expand-file-name "themes/" data-directory)))
-              (with-temp-buffer
+                (member hash custom-safe-themes)
-                (require 'unsafep)
+                ;; If the theme is not in `custom-safe-themes', check
-                (insert-file-contents fn)
+                ;; it with unsafep.
-                (let ((safe-functions (append '(provide-theme deftheme
+                (progn
-                                                custom-theme-set-variables
+                  (require 'unsafep)
-                                                custom-theme-set-faces)
+                  (let ((safe-functions
-                                              safe-functions))
+                         (append '(provide-theme deftheme
-                      unsafep form)
+                                   custom-theme-set-variables
-                  (while (and (setq form (condition-case nil
+                                   custom-theme-set-faces)
-                                             (let ((read-circle nil))
+                                 safe-functions))
-                                               (read (current-buffer)))
+                        unsafep form)
-                                           (end-of-file nil)))
+                    (while (and (setq form (condition-case nil
-                              (null (setq unsafep (unsafep form)))))
+                                               (let ((read-circle nil))
-                  (or (null unsafep)
+                                                 (read (current-buffer)))
-                      (custom-theme-load-confirm fn)))))
+                                             (end-of-file nil)))
-      (let ((custom--inhibit-theme-enable no-enable))
+                                (null (setq unsafep (unsafep form)))))
-        (load fn)))))
+                    (or (null unsafep)
+                        (custom-theme-load-confirm hash)))))
-(defun custom-theme-load-confirm (filename)
+        (let ((custom--inhibit-theme-enable no-enable))
+          (eval-buffer))))))
+(defun custom-theme-load-confirm (hash)
+  "Query the user about loading a Custom theme that may not be safe.
+The theme should be in the current buffer.  If the user agrees,
+query also about adding HASH to `custom-safe-themes'."
  (if noninteractive
      nil
-    (let ((existing-buffer (find-buffer-visiting filename))
+    (let ((exit-chars '(?y ?n ?\s))
-          (exit-chars '(?y ?n ?\s ?\C-g))
          prompt char)
      (save-window-excursion
-        (if existing-buffer
+        (rename-buffer "*Custom Theme*" t)
-            (pop-to-buffer existing-buffer)
+        (emacs-lisp-mode)
-          (find-file filename))
+        (display-buffer (current-buffer))
-        (unwind-protect
+        (setq prompt
-            (progn
+              (format "This theme is not guaranteed to be safe.  Really load? %s"
-              (setq prompt
+                      (if (< (line-number-at-pos (point-max))
-                    (format "This theme is not guaranteed to be safe.  Really load? %s"
+                             (window-body-height))
-                            (if (< (line-number-at-pos (point-max))
+                          "(y or n) "
-                                   (window-body-height))
+                        (push ?\C-v exit-chars)
-                                "(y or n) "
+                        "Type y or n, or C-v to scroll: ")))
-                              (push ?\C-v exit-chars)
+        (goto-char (point-min))
-                              "Type y or n, or C-v to scroll: ")))
+        (while (null char)
-              (goto-char (point-min))
+          (setq char (read-char-choice prompt exit-chars))
-              (while (null char)
+          (when (eq char ?\C-v)
-                (setq char (read-char-choice prompt exit-chars t))
+            (condition-case nil
-                (when (eq char ?\C-v)
+                (scroll-up)
-                  (condition-case nil
+              (error (goto-char (point-min))))
-                      (scroll-up)
+            (setq char nil)))
-                    (error (goto-char (point-min))))
+        (when (memq char '(?\s ?y))
-                  (setq char nil)))
+          (push hash custom-safe-themes)
-              (when (memq char '(?\s ?y))
+          ;; Offer to save to `custom-safe-themes'.
-                (push filename custom-safe-theme-files)
+          (and (or custom-file user-init-file)
-                ;; Offer to save to `custom-safe-theme-files'.
+               (y-or-n-p "Treat this theme as safe for future loads? ")
-                (and (or custom-file user-init-file)
+               (let ((coding-system-for-read nil))
-                     (y-or-n-p "Treat %s as safe for future loads? "
+                 (customize-save-variable 'custom-safe-themes
-                               (file-name-nondirectory filename))
+                                          custom-safe-themes)))
-                     (let ((coding-system-for-read nil))
+          t)))))
-                       (customize-save-variable
-                        'custom-safe-theme-files
-                        custom-safe-theme-files)))
-                t))
-          ;; Unwind form.
-          (unless existing-buffer (kill-buffer)))))))
 (defun custom-theme-name-valid-p (name)
  "Return t if NAME is a valid name for a Custom theme, nil otherwise.
author	Chong Yidong	2011-01-08 23:59:56 -0500
committer	Chong Yidong	2011-01-08 23:59:56 -0500
commit	b7617f6d8b78434a5b208df8a17a8cf8d68b4d7c (patch)
tree	12e6a004cb8912d03b80f7695b21f701569bce2b
parent	900503ae7959dc465c3897f3deafd55e09a93ee3 (diff)
download	emacs-b7617f6d8b78434a5b208df8a17a8cf8d68b4d7c.tar.gz emacs-b7617f6d8b78434a5b208df8a17a8cf8d68b4d7c.zip

diff --git a/etc/NEWS b/etc/NEWS index 0fd74252601..2db17e550d0 100644 --- a/etc/NEWS +++ b/etc/NEWS
@@ -219,9 +219,10 @@ Emacs no longer looks for custom themes in `load-path'. The default
219	is to search in `custom-theme-directory', followed by a built-in theme	219	is to search in `custom-theme-directory', followed by a built-in theme
220	directory named "themes/" in `data-directory'.	220	directory named "themes/" in `data-directory'.
221		221
222	*** New option `custom-safe-theme-files' lists known-safe theme files.	222	*** New option `custom-safe-themes' records known-safe theme files.
223	If a theme is not in this list, Emacs queries before loading it.	223	If a theme is not in this list, Emacs queries before loading it, and
224	The default value treats all themes included in Emacs as safe.	224	offers to save the theme to `custom-safe-themes' automatically. By
		225	default, all themes included in Emacs are treated as safe.
225		226
226	** The user option `remote-file-name-inhibit-cache' controls whether	227	** The user option `remote-file-name-inhibit-cache' controls whether
227	the remote file-name cache is used for read access.	228	the remote file-name cache is used for read access.


diff --git a/lisp/ChangeLog b/lisp/ChangeLog index 1a1f9205793..c09c89a5efa 100644 --- a/lisp/ChangeLog +++ b/lisp/ChangeLog
@@ -1,5 +1,12 @@
1	2011-01-09 Chong Yidong <cyd@stupidchicken.com>	1	2011-01-09 Chong Yidong <cyd@stupidchicken.com>
2		2
		3	* custom.el (custom-safe-themes): Rename from
		4	custom-safe-theme-files. Add :risky tag.
		5	(load-theme, custom-theme-load-confirm): Save sha1 hashes to
		6	custom-safe-themes, not filenames. Suggested by Stefan Monnier.
		7
		8	2011-01-09 Chong Yidong <cyd@stupidchicken.com>
		9
3	* tool-bar.el (tool-bar-setup): Remove Help button. Remove label	10	* tool-bar.el (tool-bar-setup): Remove Help button. Remove label
4	from Search and add a label to Undo.	11	from Search and add a label to Undo.
5		12


diff --git a/lisp/custom.el b/lisp/custom.el index f984d132dd1..6a0beae749e 100644 --- a/lisp/custom.el +++ b/lisp/custom.el
@@ -1105,14 +1105,16 @@ property `theme-feature' (which is usually a symbol created by
1105	(let ((custom-enabling-themes t))	1105	(let ((custom-enabling-themes t))
1106	(enable-theme 'user))))	1106	(enable-theme 'user))))
1107		1107
1108	(defcustom custom-safe-theme-files '(default)	1108	(defcustom custom-safe-themes '(default)
1109	"List of theme files that are considered safe to load.	1109	"List of themes that are considered safe to load.
1110	Each list element should be either an absolute file name, or the	1110	Each list element should be the `sha1' hash of a theme file, or
1111	symbol `default', which stands for the built-in Emacs theme	1111	the symbol `default', which stands for any theme in the built-in
1112	directory (a directory named \"themes\" in `data-directory'."	1112	Emacs theme directory (a directory named \"themes\" in
		1113	`data-directory')."
1113	:type '(repeat	1114	:type '(repeat
1114	(choice file (const :tag "Built-in theme directory" default)))	1115	(choice string (const :tag "Built-in themes" default)))
1115	:group 'customize	1116	:group 'customize
		1117	:risky t
1116	:version "24.1")	1118	:version "24.1")
1117		1119
1118	(defvar safe-functions) ; From unsafep.el	1120	(defvar safe-functions) ; From unsafep.el
@@ -1140,74 +1142,74 @@ in one of the directories specified by `custom-theme-load-path'."
1140	(put theme 'theme-documentation nil))	1142	(put theme 'theme-documentation nil))
1141	(let ((fn (locate-file (concat (symbol-name theme) "-theme.el")	1143	(let ((fn (locate-file (concat (symbol-name theme) "-theme.el")
1142	(custom-theme--load-path)	1144	(custom-theme--load-path)
1143	'("" "c"))))	1145	'("" "c")))
		1146	hash)
1144	(unless fn	1147	(unless fn
1145	(error "Unable to find theme file for `%s'." theme))	1148	(error "Unable to find theme file for `%s'." theme))
1146	;; Check file safety.	1149	(with-temp-buffer
1147	(when (or (and (memq 'default custom-safe-theme-files)	1150	(insert-file-contents fn)
1148	(equal (file-name-directory fn)	1151	(setq hash (sha1 (current-buffer)))
1149	(expand-file-name "themes/" data-directory)))	1152	;; Check file safety.
1150	(member fn custom-safe-theme-files)	1153	(when (or (and (memq 'default custom-safe-themes)
1151	;; If the file is not in the builtin theme directory or	1154	(equal (file-name-directory fn)
1152	;; in `custom-safe-theme-files', check it with unsafep.	1155	(expand-file-name "themes/" data-directory)))
1153	(with-temp-buffer	1156	(member hash custom-safe-themes)
1154	(require 'unsafep)	1157	;; If the theme is not in `custom-safe-themes', check
1155	(insert-file-contents fn)	1158	;; it with unsafep.
1156	(let ((safe-functions (append '(provide-theme deftheme	1159	(progn
1157	custom-theme-set-variables	1160	(require 'unsafep)
1158	custom-theme-set-faces)	1161	(let ((safe-functions
1159	safe-functions))	1162	(append '(provide-theme deftheme
1160	unsafep form)	1163	custom-theme-set-variables
1161	(while (and (setq form (condition-case nil	1164	custom-theme-set-faces)
1162	(let ((read-circle nil))	1165	safe-functions))
1163	(read (current-buffer)))	1166	unsafep form)
1164	(end-of-file nil)))	1167	(while (and (setq form (condition-case nil
1165	(null (setq unsafep (unsafep form)))))	1168	(let ((read-circle nil))
1166	(or (null unsafep)	1169	(read (current-buffer)))
1167	(custom-theme-load-confirm fn)))))	1170	(end-of-file nil)))
1168	(let ((custom--inhibit-theme-enable no-enable))	1171	(null (setq unsafep (unsafep form)))))
1169	(load fn)))))	1172	(or (null unsafep)
1170		1173	(custom-theme-load-confirm hash)))))
1171	(defun custom-theme-load-confirm (filename)	1174	(let ((custom--inhibit-theme-enable no-enable))
		1175	(eval-buffer))))))
		1176
		1177	(defun custom-theme-load-confirm (hash)
		1178	"Query the user about loading a Custom theme that may not be safe.
		1179	The theme should be in the current buffer. If the user agrees,
		1180	query also about adding HASH to `custom-safe-themes'."
1172	(if noninteractive	1181	(if noninteractive
1173	nil	1182	nil
1174	(let ((existing-buffer (find-buffer-visiting filename))	1183	(let ((exit-chars '(?y ?n ?\s))
1175	(exit-chars '(?y ?n ?\s ?\C-g))
1176	prompt char)	1184	prompt char)
1177	(save-window-excursion	1185	(save-window-excursion
1178	(if existing-buffer	1186	(rename-buffer "Custom Theme" t)
1179	(pop-to-buffer existing-buffer)	1187	(emacs-lisp-mode)
1180	(find-file filename))	1188	(display-buffer (current-buffer))
1181	(unwind-protect	1189	(setq prompt
1182	(progn	1190	(format "This theme is not guaranteed to be safe. Really load? %s"
1183	(setq prompt	1191	(if (< (line-number-at-pos (point-max))
1184	(format "This theme is not guaranteed to be safe. Really load? %s"	1192	(window-body-height))
1185	(if (< (line-number-at-pos (point-max))	1193	"(y or n) "
1186	(window-body-height))	1194	(push ?\C-v exit-chars)
1187	"(y or n) "	1195	"Type y or n, or C-v to scroll: ")))
1188	(push ?\C-v exit-chars)	1196	(goto-char (point-min))
1189	"Type y or n, or C-v to scroll: ")))	1197	(while (null char)
1190	(goto-char (point-min))	1198	(setq char (read-char-choice prompt exit-chars))
1191	(while (null char)	1199	(when (eq char ?\C-v)
1192	(setq char (read-char-choice prompt exit-chars t))	1200	(condition-case nil
1193	(when (eq char ?\C-v)	1201	(scroll-up)
1194	(condition-case nil	1202	(error (goto-char (point-min))))
1195	(scroll-up)	1203	(setq char nil)))
1196	(error (goto-char (point-min))))	1204	(when (memq char '(?\s ?y))
1197	(setq char nil)))	1205	(push hash custom-safe-themes)
1198	(when (memq char '(?\s ?y))	1206	;; Offer to save to `custom-safe-themes'.
1199	(push filename custom-safe-theme-files)	1207	(and (or custom-file user-init-file)
1200	;; Offer to save to `custom-safe-theme-files'.	1208	(y-or-n-p "Treat this theme as safe for future loads? ")
1201	(and (or custom-file user-init-file)	1209	(let ((coding-system-for-read nil))
1202	(y-or-n-p "Treat %s as safe for future loads? "	1210	(customize-save-variable 'custom-safe-themes
1203	(file-name-nondirectory filename))	1211	custom-safe-themes)))
1204	(let ((coding-system-for-read nil))	1212	t)))))
1205	(customize-save-variable
1206	'custom-safe-theme-files
1207	custom-safe-theme-files)))
1208	t))
1209	;; Unwind form.
1210	(unless existing-buffer (kill-buffer)))))))
1211		1213
1212	(defun custom-theme-name-valid-p (name)	1214	(defun custom-theme-name-valid-p (name)
1213	"Return t if NAME is a valid name for a Custom theme, nil otherwise.	1215	"Return t if NAME is a valid name for a Custom theme, nil otherwise.