Author: yamakenz
Date: Fri Aug 24 18:50:47 2007
New Revision: 4889
Modified:
trunk/scm/custom-rt.scm
trunk/scm/custom.scm
trunk/uim/uim.c
Log:
* This commit fix arbitrary sexp evaluation of passed custom value for
uim_prop_update_custom()
* uim/uim.c
- (uim_prop_update_custom): Stop evaluating the custom value
string. And pass it to custom-set-handler as unevaluated raw string
* scm/custom-rt.scm
- Require SRFI-6 and SRFI-34
- (custom-prop-update-custom-handler): Read the string
representation of the custom value
* scm/custom.scm
- (custom-prop-update-custom-handler): Removed since the
implementation is exactly same as custom-rt.scm's
Modified: trunk/scm/custom-rt.scm
==============================================================================
--- trunk/scm/custom-rt.scm (original)
+++ trunk/scm/custom-rt.scm Fri Aug 24 18:50:47 2007
@@ -40,6 +40,8 @@
;; TODO: write test-custom-rt.scm
+(require-extension (srfi 6 34))
+
(require "util.scm")
(require "key.scm")
@@ -245,11 +247,15 @@
(interaction-environment)))
(custom-set-value! sym default)))))))) ;; to apply hooks
-;; lightweight implementation
-;; warning: no validation performed
+;; warning: no validation performed by custom-set-value! on custom-rt.scm
(define custom-prop-update-custom-handler
- (lambda (context custom-sym val)
- (custom-set-value! custom-sym val)))
+ (let ((READ-ERR (list 'read-err))) ;; unique id
+ (lambda (context custom-sym val-str)
+ (let ((val (guard (err
+ (else READ-ERR))
+ (read (open-input-string val-str)))))
+ (and (not (eq? val READ-ERR))
+ (custom-set-value! custom-sym val))))))
;; custom-reload-user-configs can switch its behavior by
;; custom-enable-mtime-aware-user-conf-reloading? since the
Modified: trunk/scm/custom.scm
==============================================================================
--- trunk/scm/custom.scm (original)
+++ trunk/scm/custom.scm Fri Aug 24 18:50:47 2007
@@ -734,10 +734,6 @@
(let ((custom-syms (custom-collect-by-group group)))
(for-each custom-broadcast-custom custom-syms))))
-(define custom-prop-update-custom-handler
- (lambda (context custom-sym val)
- (custom-set-value! custom-sym val)))
-
(define custom-register-cb
(lambda (hook valid? custom-sym ptr gate-func func)
(and (valid? custom-sym)
Modified: trunk/uim/uim.c
==============================================================================
--- trunk/uim/uim.c (original)
+++ trunk/uim/uim.c Fri Aug 24 18:50:47 2007
@@ -852,11 +852,9 @@
* time has come. -- YamaKen 2005-09-12
*/
/** Update custom value from property message.
- * Update custom value from property message. All variable update is
- * validated by custom APIs rather than arbitrary sexp
- * evaluation. Custom symbol \a custom is quoted in sexp string to be
- * restricted to accept symbol literal only. This prevents arbitrary
- * sexp evaluation.
+ * Update custom value from property message. The implementation
+ * avoids arbitrary sexp evaluation for both custom symbol \a custom
+ * and custom value \a val.
*/
void
uim_prop_update_custom(uim_context uc, const char *custom, const char *val)
@@ -869,8 +867,7 @@
assert(custom);
assert(val);
- uim_scm_callf("custom-set-handler", "pyo",
- uc, custom, uim_scm_eval_c_string(val));
+ uim_scm_callf("custom-set-handler", "pys", uc, custom, val);
UIM_CATCH_ERROR_END();
}
