On 28/10/2022 10:15, Ihor Radchenko wrote:

See the attached tentative patch.
I tried to balance between annoying users with queries and not evaluating
unsafe code: '-quoted lists and symbols are still evaluated without a
prompt.

Let me know if you see any potential issues.

If I got it right, it prompts the user for every variable. I believed that a single prompt is enough for both header arguments and body evaluation. Maybe I missed some issue with dependent code blocks. If I remember correctly, each block causes a prompt and I am not going to dispute such behavior. Unsure if an early prompt may increase user confusion, since some blocks will be evaluated not immediately after the related prompt but perhaps after some delay to confirm dependent code.

diff --git a/lisp/ob-core.el b/lisp/ob-core.el
index 518831ec6..e10ab401c 100644
--- a/lisp/ob-core.el
+++ b/lisp/ob-core.el
@@ -3165,7 +3165,16 @@ (defun org-babel-read (cell &optional inhibit-lisp-eval)
        ((and (not inhibit-lisp-eval)
              (or (memq (string-to-char cell) '(?\( ?' ?` ?\[))
                  (string= cell "*this*")))
-        (eval (read cell) t))
+         ;; Prevent arbitrary function calls.
+         (if (and (memq (string-to-char cell) '(?\( ?`))
+                  (not (org-babel-confirm-evaluate
+                      ;; See `org-babel-get-src-block-info'.
+                      (list "emacs-lisp" (format "%S" cell)
+                            '((:eval . yes)) nil (format "%S" cell)
+                            nil nil))))
+             ;; Not allowed.
+             (user-error "Evaluation of elisp code %S aborted." cell)
+          (eval (read cell) t)))
        ((save-match-data
            (and (string-match "^[[:space:]]*\"\\(.*\\)\"[[:space:]]*$" cell)
                 (not (string-match "[^\\]\"" (match-string 1 cell)))))
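Review bot: `(format "%S" cell)` in the synthesized info list hands `org-babel-confirm-evaluate` a quoted, escaped rendering of the cell rather than the cell itself: `cell` is already a string, and `%S` prints it through `prin1`, so both the "body" and the "name" slot receive the expression wrapped in literal double quotes with any inner quotes backslash-escaped. The prompt therefore shows `("(+ 1 2)")`-style text instead of the expression as written, and a user-supplied `org-confirm-babel-evaluate` function that inspects the body gets the same quoted form; passing `cell` directly (or `(format "%s" cell)`) would give the raw code in both places. Two smaller points: the message in `(user-error "Evaluation of elisp code %S aborted." cell)` ends with a period, which Emacs error-message conventions (and checkdoc) discourage; and declining the prompt aborts the whole `org-babel-read` call via `user-error` rather than, say, falling back to treating the cell as a plain string, so a caller reading several header arguments loses all of them on one "no". That trade-off is reasonable but deserves a sentence in the docstring or commit message.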
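As an added illustration, not code from the patch or from Org mode, the following Emacs Lisp mirrors the prefix test in the hunk to show which header-argument cells would be prompted for and why the backquote is grouped with the open paren rather than with the quote. The `example--` names and the sample cells are invented for this example.

```emacs-lisp
;; Added example, not code from the patch or from Org mode.  The helper
;; names (example--...) and the sample cells are made up for illustration.

(defun example--cell-needs-confirm-p (cell)
  "Return non-nil when CELL would trigger the confirmation prompt.
Mirrors the patch's test: a cell starting with an open paren or a
backquote is treated as code that may call functions."
  (and (stringp cell)
       (> (length cell) 0)
       (memq (string-to-char cell) '(?\( ?`))
       t))

(defun example--classify-cell (cell)
  "Describe how `org-babel-read' would treat header-argument CELL.
Returns one of the symbols `prompt-then-eval', `eval-without-prompt'
or `plain-string'."
  (cond
   ((example--cell-needs-confirm-p cell) 'prompt-then-eval)
   ((or (memq (string-to-char cell) '(?' ?\[))
        (string= cell "*this*"))
    'eval-without-prompt)
   (t 'plain-string)))

;; Constructed sample cells, written the way they might appear in a
;; :var header.  Each comment states the treatment it would receive.
(defvar example--sample-cells
  '("'(1 2 3)"                 ; quoted list: inert data, no prompt
    "[1 2 3]"                  ; vector: self-evaluating, nothing called
    "(+ 1 2)"                  ; function call: confirmation needed
    "`(,(getenv \"HOME\"))"    ; backquote runs the unquoted form: confirmation needed
    "hello")                   ; ordinary string, never read as Lisp
  "Constructed sample cells for the example.")

(defun example--report ()
  "Return an alist of (CELL . TREATMENT) for the sample cells."
  (mapcar (lambda (cell) (cons cell (example--classify-cell cell)))
          example--sample-cells))

;; Why the backquote is grouped with "(" rather than with "'":
;; `quote' returns its argument untouched, so the inner list stays data
;; and no function is called, whereas the comma inside a backquote
;; evaluates its operand, so `getenv' actually runs during `eval'.
(defun example--demonstrate-quote-vs-backquote ()
  "Evaluate a quoted and a backquoted cell the way `org-babel-read' does.
The quoted cell comes back as the unevaluated list (getenv \"HOME\");
the backquoted cell comes back holding the value `getenv' returned."
  (list (cons 'quoted     (eval (read "'(getenv \"HOME\")") t))
        (cons 'backquoted (eval (read "`(,(getenv \"HOME\"))") t))))
```

Evaluating `(example--report)` in `*scratch*` lists each sample cell with its treatment under the patch's rule, and `(example--demonstrate-quote-vs-backquote)` shows the difference that justifies the rule: the quoted cell is returned as a list whose head is the symbol `getenv`, while the backquoted cell has already called `getenv` by the time `eval` returns.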