From e48eb34332dc91de823314090451459ba2ffacbf Mon Sep 17 00:00:00 2001 From: Chong Yidong Date: Mon, 18 Oct 2010 13:26:25 -0400 Subject: [PATCH] Use unsafep to check for theme safety. * cus-face.el (custom-theme-set-faces): Mark as a safe function. * custom.el (custom-theme-set-variables): Mark as a safe function. (load-theme): Check forms using unsafep. --- lisp/ChangeLog | 7 +++++++ lisp/cus-face.el | 2 ++ lisp/custom.el | 37 +++++++++++++++++-------------------- 3 files changed, 26 insertions(+), 20 deletions(-) diff --git a/lisp/ChangeLog b/lisp/ChangeLog index 9529d85c89b..30fc5c29f7b 100644 --- a/lisp/ChangeLog +++ b/lisp/ChangeLog @@ -1,3 +1,10 @@ +2010-10-18 Chong Yidong + + * custom.el (custom-theme-set-variables): Mark as a safe function. + (load-theme): Check forms using unsafep. + + * cus-face.el (custom-theme-set-faces): Mark as a safe function. + 2010-10-17 Agustín Martín * textmodes/ispell.el (ispell-aspell-find-dictionary): Fix diff --git a/lisp/cus-face.el b/lisp/cus-face.el index ebb20012afa..fd6db787d32 100644 --- a/lisp/cus-face.el +++ b/lisp/cus-face.el @@ -349,6 +349,8 @@ FACE's list property `theme-face' \(using `custom-push-theme')." (put face 'face-override-spec nil) (face-spec-set face spec t)))))))) +(put 'custom-theme-set-faces 'safe-function t) + ;; XEmacs compability function. In XEmacs, when you reset a Custom ;; Theme, you have to specify the theme to reset it to. We just apply ;; the next theme. diff --git a/lisp/custom.el b/lisp/custom.el index 4bc230a7662..8a7739d1be4 100644 --- a/lisp/custom.el +++ b/lisp/custom.el @@ -993,6 +993,8 @@ in SYMBOL's list property `theme-value' \(using `custom-push-theme')." (and (or now (default-boundp symbol)) (put symbol 'variable-comment comment))))))) +(put 'custom-theme-set-variables 'safe-function t) + ;;; Defining themes. @@ -1134,32 +1136,27 @@ the theme." (with-temp-buffer (insert-file-contents fn) (let ((custom--inhibit-theme-enable no-enable) - sexp scar) - (while (setq sexp (let ((read-circle nil)) + form scar) + (while (setq form (let ((read-circle nil)) (condition-case nil (read (current-buffer)) (end-of-file nil)))) - ;; Perform some checks on each sexp before evaluating it. (cond - ((not (listp sexp))) - ((eq (setq scar (car sexp)) 'deftheme) - (unless (eq (cadr sexp) theme) + ;; Check `deftheme' expressions. + ((eq (setq scar (car form)) 'deftheme) + (unless (eq (cadr form) theme) (error "Incorrect theme name in `deftheme'")) - (and (symbolp (nth 1 sexp)) - (stringp (nth 2 sexp)) - (eval (list scar (nth 1 sexp) (nth 2 sexp))))) - ((or (eq scar 'custom-theme-set-variables) - (eq scar 'custom-theme-set-faces)) - (unless (equal (nth 1 sexp) `(quote ,theme)) - (error "Incorrect theme name in theme settings")) - (dolist (entry (cddr sexp)) - (unless (eq (car-safe entry) 'quote) - (error "Unsafe expression in theme settings"))) - (eval sexp)) + (and (symbolp (nth 1 form)) + (stringp (nth 2 form)) + (eval (list scar (nth 1 form) (nth 2 form))))) + ;; Check `provide-theme' expressions. ((and (eq scar 'provide-theme) - (equal (cadr sexp) `(quote ,theme)) - (= (length sexp) 2)) - (eval sexp)))))))) + (equal (cadr form) `(quote ,theme)) + (= (length form) 2)) + (eval form)) + ;; All other expressions need to be safe. + ((not (unsafep form)) + (eval form)))))))) (defun custom-theme-name-valid-p (name) "Return t if NAME is a valid name for a Custom theme, nil otherwise. -- 2.39.5