3 files changed, 26 insertions, 20 deletions

diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 9529d85c89b..30fc5c29f7b 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,10 @@
+2010-10-18  Chong Yidong  <cyd@stupidchicken.com>
+
+        * custom.el (custom-theme-set-variables): Mark as a safe function.
+        (load-theme): Check forms using unsafep.
+
+        * cus-face.el (custom-theme-set-faces): Mark as a safe function.
+
 2010-10-17  Agustín Martín  <agustin.martin@hispalinux.es>
 
         * textmodes/ispell.el (ispell-aspell-find-dictionary): Fix
diff --git a/lisp/cus-face.el b/lisp/cus-face.el
index ebb20012afa..fd6db787d32 100644
--- a/lisp/cus-face.el
+++ b/lisp/cus-face.el
@@ -349,6 +349,8 @@ FACE's list property `theme-face' \(using `custom-push-theme')."
               (put face 'face-override-spec nil)
               (face-spec-set face spec t))))))))
 
+(put 'custom-theme-set-faces 'safe-function t)
+
 ;; XEmacs compability function.  In XEmacs, when you reset a Custom
 ;; Theme, you have to specify the theme to reset it to.  We just apply
 ;; the next theme.
diff --git a/lisp/custom.el b/lisp/custom.el
index 4bc230a7662..8a7739d1be4 100644
--- a/lisp/custom.el
+++ b/lisp/custom.el
@@ -993,6 +993,8 @@ in SYMBOL's list property `theme-value' \(using `custom-push-theme')."
           (and (or now (default-boundp symbol))
                (put symbol 'variable-comment comment)))))))
 
+(put 'custom-theme-set-variables 'safe-function t)
+
 
 ;;; Defining themes.
 
@@ -1134,32 +1136,27 @@ the theme."
     (with-temp-buffer
       (insert-file-contents fn)
       (let ((custom--inhibit-theme-enable no-enable)
-            sexp scar)
-        (while (setq sexp (let ((read-circle nil))
+            form scar)
+        (while (setq form (let ((read-circle nil))
                             (condition-case nil
                                 (read (current-buffer))
                               (end-of-file nil))))
-          ;; Perform some checks on each sexp before evaluating it.
           (cond
-           ((not (listp sexp)))
-           ((eq (setq scar (car sexp)) 'deftheme)
-            (unless (eq (cadr sexp) theme)
+           ;; Check `deftheme' expressions.
+           ((eq (setq scar (car form)) 'deftheme)
+            (unless (eq (cadr form) theme)
               (error "Incorrect theme name in `deftheme'"))
-            (and (symbolp (nth 1 sexp))
-                 (stringp (nth 2 sexp))
-                 (eval (list scar (nth 1 sexp) (nth 2 sexp)))))
-           ((or (eq scar 'custom-theme-set-variables)
-                (eq scar 'custom-theme-set-faces))
-            (unless (equal (nth 1 sexp) `(quote ,theme))
-              (error "Incorrect theme name in theme settings"))
-            (dolist (entry (cddr sexp))
-              (unless (eq (car-safe entry) 'quote)
-                (error "Unsafe expression in theme settings")))
-            (eval sexp))
+            (and (symbolp (nth 1 form))
+                 (stringp (nth 2 form))
+                 (eval (list scar (nth 1 form) (nth 2 form)))))
+           ;; Check `provide-theme' expressions.
            ((and (eq scar 'provide-theme)
-                 (equal (cadr sexp) `(quote ,theme))
-                 (= (length sexp) 2))
-            (eval sexp))))))))
+                 (equal (cadr form) `(quote ,theme))
+                 (= (length form) 2))
+            (eval form))
+           ;; All other expressions need to be safe.
+           ((not (unsafep form))
+            (eval form))))))))
 
 (defun custom-theme-name-valid-p (name)
   "Return t if NAME is a valid name for a Custom theme, nil otherwise.