>From f15d0d0247ffe7bc3bbd5fbe10271c93b2e2fb1c Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Thu, 7 Mar 2019 09:02:15 -0800 Subject: [PATCH] Be safer about "%" in message formats MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * lisp/calc/calc-store.el (calc-copy-special-constant): * lisp/net/rcirc.el (rcirc-handler-PART, rcirc-handler-KICK): * lisp/org/org-agenda.el (org-agenda): * lisp/org/org-clock.el (org-clock-out, org-clock-display): * lisp/org/org.el (org-refile): * lisp/progmodes/ada-xref.el (ada-goto-declaration): * lisp/progmodes/idlwave.el (idlwave-scan-library-catalogs): Don’t trust arbitrary strings to not contain "%" or "`" in (message (concat STRING1 STRING2 ...)). --- lisp/calc/calc-store.el | 4 ++-- lisp/net/rcirc.el | 4 ++-- lisp/org/org-agenda.el | 13 ++++++------- lisp/org/org-clock.el | 22 ++++++++++++---------- lisp/org/org.el | 3 ++- lisp/progmodes/ada-xref.el | 3 +-- lisp/progmodes/idlwave.el | 7 +++---- 7 files changed, 28 insertions(+), 28 deletions(-) diff --git a/lisp/calc/calc-store.el b/lisp/calc/calc-store.el index 589a776c41..3987c129c2 100644 --- a/lisp/calc/calc-store.el +++ b/lisp/calc/calc-store.el @@ -405,8 +405,8 @@ calc-copy-special-constant sconst)))) (if var (let ((msg (calc-store-value var value ""))) - (message (concat "Special constant \"%s\" copied to \"%s\"" msg) - sconst (calc-var-name var))))))))) + (message "Special constant \"%s\" copied to \"%s\"%s" + sconst (calc-var-name var) msg)))))))) (defun calc-copy-variable (&optional var1 var2) (interactive) diff --git a/lisp/net/rcirc.el b/lisp/net/rcirc.el index b1a6c1ce8d..9d53cd4436 100644 --- a/lisp/net/rcirc.el +++ b/lisp/net/rcirc.el @@ -2685,7 +2685,7 @@ rcirc-handler-PART-or-KICK (defun rcirc-handler-PART (process sender args _text) (let* ((channel (car args)) (reason (cadr args)) - (message (concat channel " " reason))) + (message "%s %s" channel reason)) (rcirc-print process sender "PART" channel message) ;; print in private chat buffer if it exists (when (rcirc-get-buffer (rcirc-buffer-process) sender) @@ -2697,7 +2697,7 @@ rcirc-handler-KICK (let* ((channel (car args)) (nick (cadr args)) (reason (nth 2 args)) - (message (concat nick " " channel " " reason))) + (message "%s %s %s" nick channel reason)) (rcirc-print process sender "KICK" channel message t) ;; print in private chat buffer if it exists (when (rcirc-get-buffer (rcirc-buffer-process) nick) diff --git a/lisp/org/org-agenda.el b/lisp/org/org-agenda.el index e416f5f062..23ee8d71e6 100644 --- a/lisp/org/org-agenda.el +++ b/lisp/org/org-agenda.el @@ -2882,13 +2882,12 @@ org-agenda (let* ((m (org-agenda-get-any-marker)) (note (and m (org-entry-get m "THEFLAGGINGNOTE")))) (when note - (message (concat - "FLAGGING-NOTE ([?] for more info): " - (org-add-props - (replace-regexp-in-string - "\\\\n" "//" - (copy-sequence note)) - nil 'face 'org-warning))))))) + (message "FLAGGING-NOTE ([?] for more info): %s" + (org-add-props + (replace-regexp-in-string + "\\\\n" "//" + (copy-sequence note)) + nil 'face 'org-warning)))))) t t)) ((equal org-keys "#") (call-interactively 'org-agenda-list-stuck-projects)) ((equal org-keys "/") (call-interactively 'org-occur-in-agenda-files)) diff --git a/lisp/org/org-clock.el b/lisp/org/org-clock.el index 34b694d487..62c7cd92d1 100644 --- a/lisp/org/org-clock.el +++ b/lisp/org/org-clock.el @@ -1622,9 +1622,10 @@ org-clock-out "\\>")))) (org-todo org-clock-out-switch-to-state)))))) (force-mode-line-update) - (message (concat "Clock stopped at %s after " - (org-duration-from-minutes (+ (* 60 h) m)) "%s") - te (if remove " => LINE REMOVED" "")) + (message (if remove + "Clock stopped at %s after %s => LINE REMOVED" + "Clock stopped at %s after %s") + te (org-duration-from-minutes (+ (* 60 h) m))) (run-hooks 'org-clock-out-hook) (unless (org-clocking-p) (setq org-clock-current-task nil))))))) @@ -1925,13 +1926,14 @@ org-clock-display nil 'local)))) (let* ((h (/ org-clock-file-total-minutes 60)) (m (- org-clock-file-total-minutes (* 60 h)))) - (message (concat (format "Total file time%s: " - (cond (todayp " for today") - (customp " (custom)") - (t ""))) - (org-duration-from-minutes - org-clock-file-total-minutes) - " (%d hours and %d minutes)") + (message (cond + (todayp + "Total file time for today: %s (%d hours and %d minutes)") + (customp + "Total file time (custom): %s (%d hours and %d minutes)") + (t + "Total file time: %s (%d hours and %d minutes)")) + (org-duration-from-minutes org-clock-file-total-minutes) h m)))) (defvar-local org-clock-overlays nil) diff --git a/lisp/org/org.el b/lisp/org/org.el index 3a434d12df..e3c78ae90d 100644 --- a/lisp/org/org.el +++ b/lisp/org/org.el @@ -11878,7 +11878,8 @@ org-refile (when (featurep 'org-inlinetask) (org-inlinetask-remove-END-maybe)) (setq org-markers-to-move nil) - (message (concat actionmsg " to \"%s\" in file %s: done") (car it) file))))))) + (message "%s to \"%s\" in file %s: done" actionmsg + (car it) file))))))) (defun org-refile-goto-last-stored () "Go to the location where the last refile was stored." diff --git a/lisp/progmodes/ada-xref.el b/lisp/progmodes/ada-xref.el index 28c52b0653..c9c923e1d6 100644 --- a/lisp/progmodes/ada-xref.el +++ b/lisp/progmodes/ada-xref.el @@ -1133,8 +1133,7 @@ ada-goto-declaration (ada-find-in-ali identlist other-frame) ;; File not found: print explicit error message (ada-error-file-not-found - (message (concat (error-message-string err) - (nthcdr 1 err)))) + (message "%s%s" (error-message-string err) (nthcdr 1 err))) (error (let ((ali-file (ada-get-ali-file-name (ada-file-of identlist)))) diff --git a/lisp/progmodes/idlwave.el b/lisp/progmodes/idlwave.el index 476d935e8a..25bc788ffc 100644 --- a/lisp/progmodes/idlwave.el +++ b/lisp/progmodes/idlwave.el @@ -5588,7 +5588,7 @@ idlwave-scan-library-catalogs (mapcar 'car idlwave-path-alist))) (old-libname "") dir-entry dir catalog all-routines) - (if message-base (message message-base)) + (if message-base (message "%s" message-base)) (while (setq dir (pop dirs)) (catch 'continue (when (file-readable-p @@ -5603,8 +5603,7 @@ idlwave-scan-library-catalogs message-base (not (string= idlwave-library-catalog-libname old-libname))) - (message "%s" (concat message-base - idlwave-library-catalog-libname)) + (message "%s%s" message-base idlwave-library-catalog-libname) (setq old-libname idlwave-library-catalog-libname)) (when idlwave-library-catalog-routines (setq all-routines @@ -5618,7 +5617,7 @@ idlwave-scan-library-catalogs (setq dir-entry (assoc dir idlwave-path-alist))) (idlwave-path-alist-add-flag dir-entry 'lib))))) (unless no-load (setq idlwave-library-catalog-routines all-routines)) - (if message-base (message (concat message-base "done")))))) + (if message-base (message "%sdone" message-base))))) ;;----- Communicating with the Shell ------------------- -- 2.20.1