mirrors/emacs
1
Fork 0
mirror of git://git.sv.gnu.org/emacs.git synced 2025-12-26 07:11:34 -08:00
Code Issues Projects Releases Wiki Activity

Be safer about "%" in message formats

Browse source 
* lisp/calc/calc-store.el (calc-copy-special-constant):
* lisp/net/rcirc.el (rcirc-handler-PART, rcirc-handler-KICK):
* lisp/org/org-agenda.el (org-agenda):
* lisp/org/org-clock.el (org-clock-out, org-clock-display):
* lisp/org/org.el (org-refile):
* lisp/progmodes/ada-xref.el (ada-goto-declaration):
* lisp/progmodes/idlwave.el (idlwave-scan-library-catalogs):
Don’t trust arbitrary strings to not contain "%" or "`" in
(message (concat STRING1 STRING2 ...)).
This commit is contained in:
Paul Eggert 2019-03-07 09:02:15 -08:00
parent 953cbce77b
commit 3739d51ef3
7 changed files with 28 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

4
lisp/calc/calc-store.el
View file

@ -405,8 +405,8 @@
sconst)))) sconst))))
(if var (if var
(let ((msg (calc-store-value var value ""))) (let ((msg (calc-store-value var value "")))
(message (concat "Special constant \"%s\" copied to \"%s\"" msg) (message "Special constant \"%s\" copied to \"%s\"%s"
sconst (calc-var-name var))))))))) sconst (calc-var-name var) msg))))))))
(defun calc-copy-variable (&optional var1 var2) (defun calc-copy-variable (&optional var1 var2)
(interactive) (interactive)

4
lisp/net/rcirc.el
View file

@ -2685,7 +2685,7 @@ the only argument."
(defun rcirc-handler-PART (process sender args _text) (defun rcirc-handler-PART (process sender args _text)
(let* ((channel (car args)) (let* ((channel (car args))
(reason (cadr args)) (reason (cadr args))
(message (concat channel " " reason))) (message "%s %s" channel reason))
(rcirc-print process sender "PART" channel message) (rcirc-print process sender "PART" channel message)
;; print in private chat buffer if it exists ;; print in private chat buffer if it exists
(when (rcirc-get-buffer (rcirc-buffer-process) sender) (when (rcirc-get-buffer (rcirc-buffer-process) sender)
@ -2697,7 +2697,7 @@ the only argument."
(let* ((channel (car args)) (let* ((channel (car args))
(nick (cadr args)) (nick (cadr args))
(reason (nth 2 args)) (reason (nth 2 args))
(message (concat nick " " channel " " reason))) (message "%s %s %s" nick channel reason))
(rcirc-print process sender "KICK" channel message t) (rcirc-print process sender "KICK" channel message t)
;; print in private chat buffer if it exists ;; print in private chat buffer if it exists
(when (rcirc-get-buffer (rcirc-buffer-process) nick) (when (rcirc-get-buffer (rcirc-buffer-process) nick)

13
lisp/org/org-agenda.el
View file

@ -2882,13 +2882,12 @@ Pressing `<' twice means to restrict to the current subtree or region
(let* ((m (org-agenda-get-any-marker)) (let* ((m (org-agenda-get-any-marker))
(note (and m (org-entry-get m "THEFLAGGINGNOTE")))) (note (and m (org-entry-get m "THEFLAGGINGNOTE"))))
(when note (when note
(message (concat (message "FLAGGING-NOTE ([?] for more info): %s"
"FLAGGING-NOTE ([?] for more info): " (org-add-props
(org-add-props (replace-regexp-in-string
(replace-regexp-in-string "\\\\n" "//"
"\\\\n" "//" (copy-sequence note))
(copy-sequence note)) nil 'face 'org-warning))))))
nil 'face 'org-warning)))))))
t t)) t t))
((equal org-keys "#") (call-interactively 'org-agenda-list-stuck-projects)) ((equal org-keys "#") (call-interactively 'org-agenda-list-stuck-projects))
((equal org-keys "/") (call-interactively 'org-occur-in-agenda-files)) ((equal org-keys "/") (call-interactively 'org-occur-in-agenda-files))

22
lisp/org/org-clock.el
View file

@ -1622,9 +1622,10 @@ to, overriding the existing value of `org-clock-out-switch-to-state'."
"\\>")))) "\\>"))))
(org-todo org-clock-out-switch-to-state)))))) (org-todo org-clock-out-switch-to-state))))))
(force-mode-line-update) (force-mode-line-update)
(message (concat "Clock stopped at %s after " (message (if remove
(org-duration-from-minutes (+ (* 60 h) m)) "%s") "Clock stopped at %s after %s => LINE REMOVED"
te (if remove " => LINE REMOVED" "")) "Clock stopped at %s after %s")
te (org-duration-from-minutes (+ (* 60 h) m)))
(run-hooks 'org-clock-out-hook) (run-hooks 'org-clock-out-hook)
(unless (org-clocking-p) (unless (org-clocking-p)
(setq org-clock-current-task nil))))))) (setq org-clock-current-task nil)))))))
@ -1925,13 +1926,14 @@ Use `\\[org-clock-remove-overlays]' to remove the subtree times."
nil 'local)))) nil 'local))))
(let* ((h (/ org-clock-file-total-minutes 60)) (let* ((h (/ org-clock-file-total-minutes 60))
(m (- org-clock-file-total-minutes (* 60 h)))) (m (- org-clock-file-total-minutes (* 60 h))))
(message (concat (format "Total file time%s: " (message (cond
(cond (todayp " for today") (todayp
(customp " (custom)") "Total file time for today: %s (%d hours and %d minutes)")
(t ""))) (customp
(org-duration-from-minutes "Total file time (custom): %s (%d hours and %d minutes)")
org-clock-file-total-minutes) (t
" (%d hours and %d minutes)") "Total file time: %s (%d hours and %d minutes)"))
(org-duration-from-minutes org-clock-file-total-minutes)
h m)))) h m))))
(defvar-local org-clock-overlays nil) (defvar-local org-clock-overlays nil)

3
lisp/org/org.el
View file

@ -11878,7 +11878,8 @@ prefix argument (`C-u C-u C-u C-c C-w')."
(when (featurep 'org-inlinetask) (when (featurep 'org-inlinetask)
(org-inlinetask-remove-END-maybe)) (org-inlinetask-remove-END-maybe))
(setq org-markers-to-move nil) (setq org-markers-to-move nil)
(message (concat actionmsg " to \"%s\" in file %s: done") (car it) file))))))) (message "%s to \"%s\" in file %s: done" actionmsg
(car it) file)))))))
(defun org-refile-goto-last-stored () (defun org-refile-goto-last-stored ()
"Go to the location where the last refile was stored." "Go to the location where the last refile was stored."

3
lisp/progmodes/ada-xref.el
View file

@ -1133,8 +1133,7 @@ If OTHER-FRAME is non-nil, display the cross-reference in another frame."
(ada-find-in-ali identlist other-frame) (ada-find-in-ali identlist other-frame)
;; File not found: print explicit error message ;; File not found: print explicit error message
(ada-error-file-not-found (ada-error-file-not-found
(message (concat (error-message-string err) (message "%s%s" (error-message-string err) (nthcdr 1 err)))
(nthcdr 1 err))))
(error (error
(let ((ali-file (ada-get-ali-file-name (ada-file-of identlist)))) (let ((ali-file (ada-get-ali-file-name (ada-file-of identlist))))

7
lisp/progmodes/idlwave.el
View file

@ -5588,7 +5588,7 @@ be set to nil to disable library catalog scanning."
(mapcar 'car idlwave-path-alist))) (mapcar 'car idlwave-path-alist)))
(old-libname "") (old-libname "")
dir-entry dir catalog all-routines) dir-entry dir catalog all-routines)
(if message-base (message message-base)) (if message-base (message "%s" message-base))
(while (setq dir (pop dirs)) (while (setq dir (pop dirs))
(catch 'continue (catch 'continue
(when (file-readable-p (when (file-readable-p
@ -5603,8 +5603,7 @@ be set to nil to disable library catalog scanning."
message-base message-base
(not (string= idlwave-library-catalog-libname (not (string= idlwave-library-catalog-libname
old-libname))) old-libname)))
(message "%s" (concat message-base (message "%s%s" message-base idlwave-library-catalog-libname)
idlwave-library-catalog-libname))
(setq old-libname idlwave-library-catalog-libname)) (setq old-libname idlwave-library-catalog-libname))
(when idlwave-library-catalog-routines (when idlwave-library-catalog-routines
(setq all-routines (setq all-routines
@ -5618,7 +5617,7 @@ be set to nil to disable library catalog scanning."
(setq dir-entry (assoc dir idlwave-path-alist))) (setq dir-entry (assoc dir idlwave-path-alist)))
(idlwave-path-alist-add-flag dir-entry 'lib))))) (idlwave-path-alist-add-flag dir-entry 'lib)))))
(unless no-load (setq idlwave-library-catalog-routines all-routines)) (unless no-load (setq idlwave-library-catalog-routines all-routines))
(if message-base (message (concat message-base "done")))))) (if message-base (message "%sdone" message-base)))))
;;----- Communicating with the Shell ------------------- ;;----- Communicating with the Shell -------------------