Be safer about "%" in message formats

* lisp/calc/calc-store.el (calc-copy-special-constant):
* lisp/net/rcirc.el (rcirc-handler-PART, rcirc-handler-KICK):
* lisp/org/org-agenda.el (org-agenda):
* lisp/org/org-clock.el (org-clock-out, org-clock-display):
* lisp/org/org.el (org-refile):
* lisp/progmodes/ada-xref.el (ada-goto-declaration):
* lisp/progmodes/idlwave.el (idlwave-scan-library-catalogs):
Don’t trust arbitrary strings to not contain "%" or "`" in
(message (concat STRING1 STRING2 ...)).

diff --git a/lisp/calc/calc-store.el b/lisp/calc/calc-store.el
index 589a776c413dcdecdf153c47e00f99d23430839d..3987c129c2321ecdc2153773e381290664510062 100644 (file)
--- a/lisp/calc/calc-store.el
+++ b/lisp/calc/calc-store.el
@@ -405,8 +405,8 @@
                                     sconst))))
        (if var
            (let ((msg (calc-store-value var value "")))
-             (message (concat "Special constant \"%s\" copied to \"%s\"" msg)
-                      sconst (calc-var-name var)))))))))
+            (message "Special constant \"%s\" copied to \"%s\"%s"
+                     sconst (calc-var-name var) msg))))))))
 
 (defun calc-copy-variable (&optional var1 var2)
   (interactive)

diff --git a/lisp/net/rcirc.el b/lisp/net/rcirc.el
index b1a6c1ce8d28ac895afef734def00d8dc455d111..9d53cd4436b19b7b05965880054cd5454a781332 100644 (file)
--- a/lisp/net/rcirc.el
+++ b/lisp/net/rcirc.el
@@ -2685,7 +2685,7 @@ the only argument."
 (defun rcirc-handler-PART (process sender args _text)
   (let* ((channel (car args))
         (reason (cadr args))
-        (message (concat channel " " reason)))
+        (message "%s %s" channel reason))
     (rcirc-print process sender "PART" channel message)
     ;; print in private chat buffer if it exists
     (when (rcirc-get-buffer (rcirc-buffer-process) sender)
@@ -2697,7 +2697,7 @@ the only argument."
   (let* ((channel (car args))
         (nick (cadr args))
         (reason (nth 2 args))
-        (message (concat nick " " channel " " reason)))
+        (message "%s %s %s" nick channel reason))
     (rcirc-print process sender "KICK" channel message t)
     ;; print in private chat buffer if it exists
     (when (rcirc-get-buffer (rcirc-buffer-process) nick)

diff --git a/lisp/org/org-agenda.el b/lisp/org/org-agenda.el
index e416f5f062acb96e4a8842cee73da027934bfc0d..23ee8d71e6699755efa2e5c3c60f6db28d50e1d9 100644 (file)
--- a/lisp/org/org-agenda.el
+++ b/lisp/org/org-agenda.el
@@ -2882,13 +2882,12 @@ Pressing `<' twice means to restrict to the current subtree or region
             (let* ((m (org-agenda-get-any-marker))
                    (note (and m (org-entry-get m "THEFLAGGINGNOTE"))))
               (when note
-                (message (concat
-                          "FLAGGING-NOTE ([?] for more info): "
-                          (org-add-props
-                              (replace-regexp-in-string
-                               "\\\\n" "//"
-                               (copy-sequence note))
-                              nil 'face 'org-warning)))))))
+                (message "FLAGGING-NOTE ([?] for more info): %s"
+                         (org-add-props
+                          (replace-regexp-in-string
+                           "\\\\n" "//"
+                           (copy-sequence note))
+                          nil 'face 'org-warning))))))
         t t))
        ((equal org-keys "#") (call-interactively 'org-agenda-list-stuck-projects))
        ((equal org-keys "/") (call-interactively 'org-occur-in-agenda-files))

diff --git a/lisp/org/org-clock.el b/lisp/org/org-clock.el
index 34b694d4879360ac82e8da2dbb2190505a134b3f..62c7cd92d12aa7ec27ec156e35f16befad51db4b 100644 (file)
--- a/lisp/org/org-clock.el
+++ b/lisp/org/org-clock.el
@@ -1622,9 +1622,10 @@ to, overriding the existing value of `org-clock-out-switch-to-state'."
                                                "\\>"))))
                  (org-todo org-clock-out-switch-to-state))))))
          (force-mode-line-update)
-         (message (concat "Clock stopped at %s after "
-                          (org-duration-from-minutes (+ (* 60 h) m)) "%s")
-                  te (if remove " => LINE REMOVED" ""))
+         (message (if remove
+                      "Clock stopped at %s after %s => LINE REMOVED"
+                    "Clock stopped at %s after %s")
+                  te (org-duration-from-minutes (+ (* 60 h) m)))
          (run-hooks 'org-clock-out-hook)
          (unless (org-clocking-p)
            (setq org-clock-current-task nil)))))))
@@ -1925,13 +1926,14 @@ Use `\\[org-clock-remove-overlays]' to remove the subtree times."
                    nil 'local))))
     (let* ((h (/ org-clock-file-total-minutes 60))
           (m (- org-clock-file-total-minutes (* 60 h))))
-      (message (concat (format "Total file time%s: "
-                              (cond (todayp " for today")
-                                    (customp " (custom)")
-                                    (t "")))
-                      (org-duration-from-minutes
-                       org-clock-file-total-minutes)
-                      " (%d hours and %d minutes)")
+      (message (cond
+               (todayp
+                "Total file time for today: %s (%d hours and %d minutes)")
+               (customp
+                "Total file time (custom): %s (%d hours and %d minutes)")
+               (t
+                "Total file time: %s (%d hours and %d minutes)"))
+              (org-duration-from-minutes org-clock-file-total-minutes)
               h m))))
 
 (defvar-local org-clock-overlays nil)

diff --git a/lisp/org/org.el b/lisp/org/org.el
index 3a434d12dfdd4bdaf650e7037790a67f97dab051..e3c78ae90d4b4e4814906bc36177018c2658bd99 100644 (file)
--- a/lisp/org/org.el
+++ b/lisp/org/org.el
@@ -11878,7 +11878,8 @@ prefix argument (`C-u C-u C-u C-c C-w')."
            (when (featurep 'org-inlinetask)
              (org-inlinetask-remove-END-maybe))
            (setq org-markers-to-move nil)
-           (message (concat actionmsg " to \"%s\" in file %s: done") (car it) file)))))))
+           (message "%s to \"%s\" in file %s: done" actionmsg
+                    (car it) file)))))))
 
 (defun org-refile-goto-last-stored ()
   "Go to the location where the last refile was stored."

diff --git a/lisp/progmodes/ada-xref.el b/lisp/progmodes/ada-xref.el
index 28c52b0653b67c82941db7c9c0a129a332cfe631..c9c923e1d693f78b2eee84e73a4d95e578da30b6 100644 (file)
--- a/lisp/progmodes/ada-xref.el
+++ b/lisp/progmodes/ada-xref.el
@@ -1133,8 +1133,7 @@ If OTHER-FRAME is non-nil, display the cross-reference in another frame."
        (ada-find-in-ali identlist other-frame)
       ;; File not found: print explicit error message
       (ada-error-file-not-found
-       (message (concat (error-message-string err)
-                       (nthcdr 1 err))))
+       (message "%s%s" (error-message-string err) (nthcdr 1 err)))
 
       (error
        (let ((ali-file (ada-get-ali-file-name (ada-file-of identlist))))

diff --git a/lisp/progmodes/idlwave.el b/lisp/progmodes/idlwave.el
index 476d935e8ae83cbe343da9ef7b74419de0924351..25bc788ffc4c9cdb9d56d7e6c17d07643ce24dec 100644 (file)
--- a/lisp/progmodes/idlwave.el
+++ b/lisp/progmodes/idlwave.el
@@ -5588,7 +5588,7 @@ be set to nil to disable library catalog scanning."
             (mapcar 'car idlwave-path-alist)))
          (old-libname "")
          dir-entry dir catalog all-routines)
-      (if message-base (message message-base))
+      (if message-base (message "%s" message-base))
       (while (setq dir (pop dirs))
        (catch 'continue
          (when (file-readable-p
@@ -5603,8 +5603,7 @@ be set to nil to disable library catalog scanning."
                     message-base
                     (not (string= idlwave-library-catalog-libname
                                   old-libname)))
-               (message "%s" (concat message-base
-                                     idlwave-library-catalog-libname))
+               (message "%s%s" message-base idlwave-library-catalog-libname)
                (setq old-libname idlwave-library-catalog-libname))
              (when idlwave-library-catalog-routines
                (setq all-routines
@@ -5618,7 +5617,7 @@ be set to nil to disable library catalog scanning."
                       (setq dir-entry (assoc dir idlwave-path-alist)))
              (idlwave-path-alist-add-flag dir-entry 'lib)))))
       (unless no-load (setq idlwave-library-catalog-routines all-routines))
-      (if message-base (message (concat message-base "done"))))))
+      (if message-base (message "%sdone" message-base)))))
 
 ;;----- Communicating with the Shell -------------------