| author | Chong Yidong | 2010-10-18 13:26:25 -0400 |
|---|---|---|
| committer | Chong Yidong | 2010-10-18 13:26:25 -0400 |
| commit | e48eb34332dc91de823314090451459ba2ffacbf (patch) | |
| tree | 263cbc88b4c9b51f8b3101c17ed3026bd94c9b37 /lisp/custom.el | |
| parent | df987d70a30d886cf9a54b94b4ddcc88c965ce07 (diff) | |
Use unsafep to check for theme safety.
* cus-face.el (custom-theme-set-faces): Mark as a safe function.
* custom.el (custom-theme-set-variables): Mark as a safe function.
(load-theme): Check forms using unsafep.
Diffstat (limited to 'lisp/custom.el')
| -rw-r--r-- | lisp/custom.el | 37 |
1 files changed, 17 insertions, 20 deletions
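--- a/lisp/custom.el
+++ b/lisp/custom.el
@@ -993,6 +993,8 @@ in SYMBOL's list property `theme-value' \(using `custom-push-theme')."
 (and (or now (default-boundp symbol))
 (put symbol 'variable-comment comment)))))))
 
+(put 'custom-theme-set-variables 'safe-function t)
+
 
 ;;; Defining themes.
 
@@ -1134,32 +1136,27 @@ the theme."
 (with-temp-buffer
 (insert-file-contents fn)
 (let ((custom--inhibit-theme-enable no-enable)
-sexp scar)
-(while (setq sexp (let ((read-circle nil))
+form scar)
+(while (setq form (let ((read-circle nil))
 (condition-case nil
 (read (current-buffer))
 (end-of-file nil))))
-;; Perform some checks on each sexp before evaluating it.
 (cond
-((not (listp sexp)))
-((eq (setq scar (car sexp)) 'deftheme)
-(unless (eq (cadr sexp) theme)
+;; Check `deftheme' expressions.
+((eq (setq scar (car form)) 'deftheme)
+(unless (eq (cadr form) theme)
 (error "Incorrect theme name in `deftheme'"))
-(and (symbolp (nth 1 sexp))
-(stringp (nth 2 sexp))
-(eval (list scar (nth 1 sexp) (nth 2 sexp)))))
-((or (eq scar 'custom-theme-set-variables)
-(eq scar 'custom-theme-set-faces))
-(unless (equal (nth 1 sexp) `(quote ,theme))
-(error "Incorrect theme name in theme settings"))
-(dolist (entry (cddr sexp))
-(unless (eq (car-safe entry) 'quote)
-(error "Unsafe expression in theme settings")))
-(eval sexp))
+(and (symbolp (nth 1 form))
+(stringp (nth 2 form))
+(eval (list scar (nth 1 form) (nth 2 form)))))
+;; Check `provide-theme' expressions.
 ((and (eq scar 'provide-theme)
-(equal (cadr sexp) `(quote ,theme))
-(= (length sexp) 2))
-(eval sexp))))))))
+(equal (cadr form) `(quote ,theme))
+(= (length form) 2))
+(eval form))
+;; All other expressions need to be safe.
+((not (unsafep form))
+(eval form))))))))
 
 (defun custom-theme-name-valid-p (name)
 "Return t if NAME is a valid name for a Custom theme, nil otherwise.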
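Review bot: In the second hunk the last clause, `((not (unsafep form)) (eval form))`, silently skips any form that `unsafep` rejects, so a theme file containing one is applied only in part and the user is never told, whereas the removed code signalled "Unsafe expression in theme settings"; a closing `(t (error "Unsafe expression in theme file: %S" form))` clause would keep the load fail-closed. The `((not (listp sexp)))` guard was dropped as well, so `(car form)` in the `deftheme` clause now signals `wrong-type-argument` on a top-level atom; `(car-safe form)` avoids that. In the first hunk, marking `custom-theme-set-variables` as `safe-function` means, as far as `unsafep` is concerned, that a call is accepted whenever its arguments are quoted data, so the mark also vouches for whatever that function later does with the value expressions inside those quoted lists, and the old requirement that the first argument equal `(quote ,theme)` is no longer checked here. A comment beside the `put` stating why that is sound (or which callee re-checks it) would help the next reader. The enclosing `load-theme` definition starts outside the hunk, so this is judged from the visible lines only.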