Use unsafep to check for theme safety.

* cus-face.el (custom-theme-set-faces): Mark as a safe function. * custom.el (custom-theme-set-variables): Mark as a safe function. (load-theme): Check forms using unsafep.

Use unsafep to check for theme safety.
* cus-face.el (custom-theme-set-faces): Mark as a safe function. * custom.el (custom-theme-set-variables): Mark as a safe function. (load-theme): Check forms using unsafep.
e48eb343 · Chong Yidong · df987d70 · e48eb343 · e48eb343 · e48eb343
Commit e48eb343 authored Oct 18, 2010 by Chong Yidong
Hide whitespace changes
Inline Side-by-side

Showing with 26 additions and 20 deletions

lisp/ChangeLog lisp/ChangeLog +7 -0

lisp/cus-face.el lisp/cus-face.el +2 -0

lisp/custom.el lisp/custom.el +17 -20

No files found.
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
+2010-10-18  Chong Yidong  <cyd@stupidchicken.com>
+
+	* custom.el (custom-theme-set-variables): Mark as a safe function.
+	(load-theme): Check forms using unsafep.
+
+	* cus-face.el (custom-theme-set-faces): Mark as a safe function.
+
 2010-10-17  Agustín Martín  <agustin.martin@hispalinux.es>
  
 	* textmodes/ispell.el (ispell-aspell-find-dictionary): Fix

--- a/lisp/cus-face.el
+++ b/lisp/cus-face.el
@@ -349,6 +349,8 @@ FACE's list property `theme-face' \(using `custom-push-theme')."
 	      (put face 'face-override-spec nil)
 	      (face-spec-set face spec t))))))))

+(put 'custom-theme-set-faces 'safe-function t)
+
 ;; XEmacs compability function.  In XEmacs, when you reset a Custom
 ;; Theme, you have to specify the theme to reset it to.  We just apply
 ;; the next theme.

--- a/lisp/custom.el
+++ b/lisp/custom.el
@@ -993,6 +993,8 @@ in SYMBOL's list property `theme-value' \(using `custom-push-theme')."
 	  (and (or now (default-boundp symbol))
 	       (put symbol 'variable-comment comment)))))))

+(put 'custom-theme-set-variables 'safe-function t)
+

 ;;; Defining themes.

@@ -1134,32 +1136,27 @@ the theme."
    (with-temp-buffer
      (insert-file-contents fn)
      (let ((custom--inhibit-theme-enable no-enable)
-	    sexp scar)
-	(while (setq sexp (let ((read-circle nil))
+	    form scar)
+	(while (setq form (let ((read-circle nil))
 			    (condition-case nil
 				(read (current-buffer))
 			      (end-of-file nil))))
-	  ;; Perform some checks on each sexp before evaluating it.
 	  (cond
-	   ((not (listp sexp)))
-	   ((eq (setq scar (car sexp)) 'deftheme)
-	    (unless (eq (cadr sexp) theme)
+	   ;; Check `deftheme' expressions.
+	   ((eq (setq scar (car form)) 'deftheme)
+	    (unless (eq (cadr form) theme)
 	      (error "Incorrect theme name in `deftheme'"))
-	    (and (symbolp (nth 1 sexp))
-		 (stringp (nth 2 sexp))
-		 (eval (list scar (nth 1 sexp) (nth 2 sexp)))))
-	   ((or (eq scar 'custom-theme-set-variables)
-		(eq scar 'custom-theme-set-faces))
-	    (unless (equal (nth 1 sexp) `(quote ,theme))
-	      (error "Incorrect theme name in theme settings"))
-	    (dolist (entry (cddr sexp))
-	      (unless (eq (car-safe entry) 'quote)
-		(error "Unsafe expression in theme settings")))
-	    (eval sexp))
+	    (and (symbolp (nth 1 form))
+		 (stringp (nth 2 form))
+		 (eval (list scar (nth 1 form) (nth 2 form)))))
+	   ;; Check `provide-theme' expressions.
 	   ((and (eq scar 'provide-theme)
-		 (equal (cadr sexp) `(quote ,theme))
-		 (= (length sexp) 2))
-	    (eval sexp))))))))
+		 (equal (cadr form) `(quote ,theme))
+		 (= (length form) 2))
+	    (eval form))
+	   ;; All other expressions need to be safe.
+	   ((not (unsafep form))
+	    (eval form))))))))

 (defun custom-theme-name-valid-p (name)
  "Return t if NAME is a valid name for a Custom theme, nil otherwise.