emacs-elpa-diffs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[elpa] externals-release/org 3454021483 3/3: Revert "org-babel-read: Obe

From: ELPA Syncer
Subject: [elpa] externals-release/org 3454021483 3/3: Revert "org-babel-read: Obey `org-confirm-babel-evaluate'"
Date: Mon, 2 Jan 2023 02:58:04 -0500 (EST) 
branch: externals-release/org
commit 3454021483a29732fd62e919074dab92838a516b
Author: Ihor Radchenko <yantar92@posteo.net>
Commit: Ihor Radchenko <yantar92@posteo.net>

    Revert "org-babel-read: Obey `org-confirm-babel-evaluate'"
    
    This reverts commit 10e857d42859a55b23cd4206ffce3ebd0f678583.
    
    * lisp/ob-core.el:
    (org-babel-merge-params):
    (org-babel-process-params):
    (org-babel-read):
    * lisp/org-table.el: Add FIXME comments to places where arbitrary code
    execution may happen.
    
    The extra query is reverted until we develop a better code execution
    safety system for Org.  The commit introduced too many user queries,
    making the whole idea of asking users to execute code from Org files
    not useful.
    
    Link: https://orgmode.org/list/878rinadlq.fsf@localhost
---
 lisp/ob-core.el   | 14 ++++----------
 lisp/org-table.el |  1 +
 2 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/lisp/ob-core.el b/lisp/ob-core.el
index 9bb77f7920..93cdf6ae86 100644
--- a/lisp/ob-core.el
+++ b/lisp/ob-core.el
@@ -1690,6 +1690,7 @@ shown below.
                         (append
                          (split-string (if (stringp raw-result)
                                            raw-result
+                                          ;; FIXME: Arbitrary code evaluation.
                                          (eval raw-result t)))
                          (cdr (assq :result-params params))))))
     (append
@@ -2860,6 +2861,7 @@ parameters when merging lists."
                                  (split-string
                                   (cond ((stringp value) value)
                                          ((functionp value) (funcall value))
+                                         ;; FIXME: Arbitrary code evaluation.
                                          (t (eval value t)))))))
          (`(:exports . ,value)
           (setq exports (funcall merge
@@ -3188,16 +3190,8 @@ situations in which is it not appropriate."
        ((and (not inhibit-lisp-eval)
              (or (memq (string-to-char cell) '(?\( ?' ?` ?\[))
                  (string= cell "*this*")))
-         ;; Prevent arbitrary function calls.
-         (if (and (memq (string-to-char cell) '(?\( ?`))
-                  (not (org-babel-confirm-evaluate
-                      ;; See `org-babel-get-src-block-info'.
-                      (list "emacs-lisp" cell
-                            '((:eval . yes)) nil (format "%s" cell)
-                            nil nil))))
-             ;; Not allowed.
-             (user-error "Evaluation of elisp code %S aborted." cell)
-          (eval (read cell) t)))
+         ;; FIXME: Arbitrary code evaluation.
+        (eval (read cell) t))
        ((save-match-data
            (and (string-match "^[[:space:]]*\"\\(.*\\)\"[[:space:]]*$" cell)
                 (not (string-match "[^\\]\"" (match-string 1 cell)))))
diff --git a/lisp/org-table.el b/lisp/org-table.el
index 06cf919db7..fac9e68c12 100644
--- a/lisp/org-table.el
+++ b/lisp/org-table.el
@@ -2614,6 +2614,7 @@ location of point."
 
        (if lispp
            (setq ev (condition-case nil
+                         ;; FIXME: Arbitrary code evaluation.
                         (eval (eval (read form)))
                       (error "#ERROR"))
                  ev (if (numberp ev) (number-to-string ev) ev)
reply via email to
[Prev in Thread] Current Thread [Next in Thread]