Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary shell commands

On 18/08/2023 18:05, Ihor Radchenko wrote: Max Nikulin writes: Ihor, this is a list, not an expression to be evaluated. There are some conditions to avoid user prompts for strings, lists, etc. They are considered safe. This particular case is handled namely by ob-sqlite and the proposed

Clarification on blank lines following list items

I am noticing the list items have some very context-sensitive specific behavior regarding ownership of the trailing blank lines. I was hoping to get some clarification on this (namely, are my observations correct, am I stumbling across a bug, or have I not dug deep enough to suss out the real

Re: Inconvenient end-of-file behavior in org-mode 9.6 (emacs 29.1)

On 16/08/2023 20:19, Kaiyu Zheng wrote: The issue is: let's say I have a simple org-mode file, and let's say the cursor starts at the top of the file (marked by '|'): |* Sec1 ** SubSec1 ** SubSec2 A similar, but not so severe change in comparison to 9.5: In response to C-RET Org-9.5 just

Re: [BUG] Warning when creating preview

On Aug 18, 2023 at 6:04 PM, Ihor Radchenko wrote:Edgar Lux writes: > The Org version is very strange. Emacs 28 ships with Org 9.5.5 and the > latest stable version of Org available on ELPA is Org 9.6.7. The warning > comes from Org >9.6. Super weird. I don't know why I ended up in some 9.4

Re: [PATCH] ob-python results handling for dicts, dataframes, arrays, and plots

gerard.vermeu...@posteo.net writes: > I do not know how much this "abuse" of defconst is frowned > upon (elisp manual says defconst is advisory), but maybe it > can be advertised as a feature. org-babel-python--def-format-value is a "private" variable (it has double dash "--" in its name).

Re: [PATCH] ob-python results handling for dicts, dataframes, arrays, and plots

Ihor Radchenko writes: > This is an ORG-NEWS entry for Version 9.4. Is it an intentional change? Sorry, that was an accident. I've reverted it now: https://github.com/jackkamm/org-mode/commit/f12a695d67bc5c06013d9fbe0af844c9739e347a >> @@ -142,7 +144,9 @@ (defun

Re: [PATCH] ob-python results handling for dicts, dataframes, arrays, and plots

Liu Hui writes: > Hi, > > Thank you for the patch! Thanks for your feedback, I've incorporated it into https://github.com/jackkamm/org-mode/tree/python-results-revisited-2023 More specifically, here: https://github.com/jackkamm/org-mode/commit/af1d18314073446045395ff7a3d1de0303e92586 > Do we

Re: [PATCH] ob-python results handling for dicts, dataframes, arrays, and plots

Ihor Radchenko writes: >>> #+begin_src python :results list >>>return {"a": 1, "b": 2} >>> #+end_src >>> >>> #+RESULTS: >>> - a :: 1 >>> - b :: 2 >> >> This seems harder, and may require more widespread changes beyond >> ob-python. In particular, I think we'd need to change >>

Re: desirability of boxquote-style snippets for helping new users

On 1/15/09, Kevin Rodgers wrote: >> However, most prefix every line. For example, boxquote by default uses >> "|". >> >> While an experienced user can figure out rectangle commands or write a >> command to unpack the quote, new users and users who can't type much >> might skip using the code to

[Tip] Popup-menu with several actions for a link

Hi, I’ve been experimenting for a while with the popup.el library (), which offers an easy way to create popup menus (even cascading menus), with auto-completion functions. I’m sharing here a popup menu that I’ve defined to perform various actions on an

Wider margins on text, but no margins on tables?

I have always run Emacs full screen and never set any margins, so the text goes from one side of my screen to the other. (It's not a big screen.) Today I'm trying out narrowing how text is displayed by setting left-margin-width and right-margin-width, so there's blank space on either side.

Re: [BUG] Warning when creating preview

Edgar Lux writes: > I don't really need help with this. Org has been telling me for days > that I should report this, but I don't really want to share my > configuration publicly, and I thought that it was only for a file on > which I was working. It seems to be general for my configuration. I >

Re: Inconvenient end-of-file behavior in org-mode 9.6 (emacs 29.1)

Kaiyu Zheng writes: > In 28.3 and before, when I do `M->`, and hit 'Enter', I get to the end > of file on a new line outside of SubSec2, like so: > > * Sec1 > ** SubSec1 > ** SubSec2 > | > > And now I could type `** SubSec3` to add a new section like below: > > * Sec1 > ** SubSec1 > ** SubSec2 >

Inconvenient end-of-file behavior in org-mode 9.6 (emacs 29.1)

Dear Org-mode maintainers, Org-mode has been fantastic. However, in the most recent release as part of emacs 29.1, I am experiencing an inconvenience that made me switch back to 28.3. (I learned from this page https://irreal.org/blog/?p=10982 that emacs 29.1 released org-mode 9.6). The issue

Re: [MAINTENANCE] Org orphanage?

Ihor Radchenko writes: https://github.com/flexibeast/org-vcard page explicitly says that it is looking for a new maintainer at least since 9 months ago. (The author is in CC for this thread) Indeed, and i've been actively following this discussion. :-) i've only had one bite, in

Re: org-assert-version considered harmful

Ihor Radchenko writes: > 1. emacs -Q > 2. M-x org-version (built-in) > 3. M-: (push "/path/to/git/version/of/org/lisp" load-path) > 4. M-x org-mode > 5. Observe recursive loading error ... which is also happening with the other approach using (provide 'org-foo-9.7-pre) progn: Recursive load:

Re: org-assert-version considered harmful

Stefan Monnier writes: But then it will not run during byte-compilation. >>> Yeah, I was assuming that you had replaced all `require`s with >>> `org-require-with-shadowcheck`, but that's probably not what you'd done. >> That's exactly what I have done. > > Ah. The issue comes from the fact

Re: org-assert-version considered harmful

>>> But then it will not run during byte-compilation. >> Yeah, I was assuming that you had replaced all `require`s with >> `org-require-with-shadowcheck`, but that's probably not what you'd done. > That's exactly what I have done. Ah. The issue comes from the fact that `require` is treated

Re: org-assert-version considered harmful

Stefan Monnier writes: >> But then it will not run during byte-compilation. > > Yeah, I was assuming that you had replaced all `require`s with > `org-require-with-shadowcheck`, but that's probably not what you'd done. That's exactly what I have done. > Not knowing what you had done (beside

[BUG] Warning when creating preview

Hi, I don't really need help with this. Org has been telling me for days that I should report this, but I don't really want to share my configuration publicly, and I thought that it was only for a file on which I was working. It seems to be general for my configuration. I hope that it helps.

Re: org-assert-version considered harmful

>> For this one I can see the problem. You define: >> >> (defmacro org-require-with-shadowcheck (feature) >> [...] >> `(eval-and-compile ...)) >> >> so it will behave like a function, except that it's also >> executed during macroexpansion, so the (require 'org-element) within >>

Re: Emacs 29.1, org-agenda and SCHEDULED entries

Ihor Radchenko writes: > We should update the parser to treat such malformed SCHEDULED/DEADLINE > lines as ordinary paragraphs and report them in org-lint. I went another way, without changing the existing syntax. org-agenda will now ignore scheduled/deadline with inactive timestamps, as it

Re: [BUG] ob-sqlite: can not override header argument

Max Nikulin writes: > On 18/08/2023 01:03, Ihor Radchenko wrote: >> The source says >> >>;; for easy table parsing, default header type should be -csv >> >> So, it is at least intentional. > > With ":results verbatim" it is not convincing. Maybe. But not a bug either. I am also not a

Re: [BUG] ob-sqlite: can not override header argument

On 18/08/2023 01:03, Ihor Radchenko wrote: The source says ;; for easy table parsing, default header type should be -csv So, it is at least intentional. With ":results verbatim" it is not convincing. Note that (member :csv others) yielding "" is also intentional because it is

Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary shell commands

Max Nikulin writes: > Ihor, this is a list, not an expression to be evaluated. There are some > conditions to avoid user prompts for strings, lists, etc. They are > considered safe. > > This particular case is handled namely by ob-sqlite and the proposed > function in org-macs. Do you have

Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary shell commands

On 18/08/2023 15:43, Ihor Radchenko wrote: Max Nikulin writes: #+begin_src sqlite :db '(literal "/tmp/ob.sqlite$(date >/tmp/ob-sqlite-vuln.log)") select 1 #+end_src Handling lisp values in header arguments is much more general issue not tied to ob-sql or even to running shell commands.

Re: org-assert-version considered harmful

Stefan Monnier writes: >> My attempt to use shadowcheck idea you proposed failed with some very >> strange errors and I gave up. >> See https://debbugs.gnu.org/cgi/bugreport.cgi?bug=62762#311 > > For this one I can see the problem. You define: > > (defmacro org-require-with-shadowcheck

Re: [BUG] Error in data input and output format for org-columns--summary-estimate

and...@fedeli.eu writes: >IR > May you share your changes? >Sure! >Here they are: In these slices I take the upper part of the fork (where in > case, assuming a small-big usage convention ;)) as that is the value that > surely testify the effort estimation overrun. Being so, at the

Re: [MAINTENANCE] Org orphanage?

Jonas Bernoulli writes: >> What about https://github.com/flexibeast/org-vcard and >> https://github.com/nikclayton/ob-sql-mode ? > > Are you saying these packages are unmaintained and asking whether they > should be moved to the orphanage? https://github.com/flexibeast/org-vcard page explicitly

Re: [patch] ox-latex.el: fix blank lines behavior in verse block

Juan Manuel Macías writes: > Subject: [PATCH] lisp/ox-latex.el: Add the `:literal' attribute to verse > block. Thanks! Applied, onto main. https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=2eb4fd890 -- Ihor Radchenko // yantar92, Org mode contributor, Learn more about Org mode

Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary shell commands

Max Nikulin writes: > On 13/08/2023 14:52, Ihor Radchenko wrote: >> What do you think about creating a new API to built shell commands and >> then using it across all the babel backends? > > I support the idea in general, but not its particular implementation as > `org-make-shell-command' in

Re: [BUG] Error in data input and output format for org-columns--summary-estimate

IR > May you share your changes? Sure! Here they are: In these slices I take the upper part of the fork (where in case, assuming a small-big usage convention ;)) as that is the value that surely testify the effort estimation overrun. Being so, at the time of this writing I just

Re: Add a Chinese version to index.org of orgmode.org

On Tue, 2023-08-08 at 22:53 +0800, Ruijie Yu wrote: > Hello Ihor, Lux and all, > > On Aug 8, 2023, at 14:55, Ihor Radchenko wrote: > > > > lux writes: > > > > > Hi > > >  To facilitate Chinese users' understanding of Org Mode, I have > > > translated index.org into Simplified Chinese. Please

Re: [PATCH] ob-python results handling for dicts, dataframes, arrays, and plots

On 18.08.2023 06:37, gerard.vermeu...@posteo.net wrote: On 17.08.2023 14:10, Ihor Radchenko wrote: gerard.vermeu...@posteo.net writes: Your patches allow anyone to change org-babel-python--def-format-value. For instance, I want to use black to "pretty-print" certain tree-like structures