From e40370e81066b78367f1241eed11297f587fac7c Mon Sep 17 00:00:00 2001 From: Carsten Dominik Date: Wed, 5 Aug 2009 16:30:02 +0200 Subject: [PATCH] Make #+BIND work correctly, and ask the user to confirm using BIND. --- doc/org.texi | 1 + lisp/ChangeLog | 1 + lisp/org-exp.el | 25 ++++++++++++++++++++++++- 3 files changed, 26 insertions(+), 1 deletion(-) diff --git a/doc/org.texi b/doc/org.texi index 582ed662e..fe4cbde3e 100644 --- a/doc/org.texi +++ b/doc/org.texi @@ -8485,6 +8485,7 @@ Insert template with export options, see example below. #+TEXT: Several lines may be given. #+OPTIONS: H:2 num:t toc:t \n:nil @@:t ::t |:t ^:t f:t TeX:t ... #+BIND: lisp-var lisp-val, e.g.: org-export-latex-low-levels itemize + @r{You need to confirm using these, or configure @code{org-export-allow-BIND}} #+LINK_UP: the ``up'' link of an exported page #+LINK_HOME: the ``home'' link of an exported page #+LATEX_HEADER: extra line(s) for the LaTeX header, like \usepackage@{xyz@} diff --git a/lisp/ChangeLog b/lisp/ChangeLog index de57b6a18..15d9d0b3d 100755 --- a/lisp/ChangeLog +++ b/lisp/ChangeLog @@ -1,6 +1,7 @@ 2009-08-05 Carsten Dominik * org-exp.el (org-default-export-plist): Respect #+BIND. + (org-export-confirm-letbind): New function. * org.el (org-paste-subtree): Test the kill ring entry if it is going to be used. diff --git a/lisp/org-exp.el b/lisp/org-exp.el index b711ee3c0..032fa8257 100644 --- a/lisp/org-exp.el +++ b/lisp/org-exp.el @@ -51,6 +51,16 @@ :tag "Org Export General" :group 'org-export) +(defcustom org-export-allow-BIND 'confirm + "Non-nil means, allow #+BIND to define local variable values for export. +This is a potential security risk, which is why the user must confirm the +use of these lines." + :group 'org-export-general + :type '(choice + (const :tag "Never" nil) + (const :tag "Always" t) + (const :tag "Make the user confirm for each file" confirm))) + ;; FIXME (defvar org-export-publishing-directory nil) @@ -704,7 +714,8 @@ modified) list.") "\n" setup-contents "\n" (substring ext-setup-or-nil start))))))) (setq p (plist-put p :text text)) - (setq p (plist-put p :let-bind letbind)) + (when (and letbind (org-export-confirm-letbind)) + (setq p (plist-put p :let-bind letbind))) (when style (setq p (plist-put p :style-extra style))) (when latex-header (setq p (plist-put p :latex-header-extra (substring latex-header 1)))) @@ -733,6 +744,18 @@ modified) list.") (match-string 2 val))))) p)))) +(defvar org-export-allow-BIND-local nil) +(defun org-export-confirm-letbind () + "Can we use #+BIND values during export?" + (cond + ((not org-export-allow-BIND) nil) + ((eq org-export-allow-BIND t) t) + (t + (if (local-variable-p 'org-export-allow-BIND-local) + org-export-allow-BIND-local + (org-set-local 'org-export-allow-BIND-local + (yes-or-no-p "Allow BIND values in this buffer? ")))))) + (defun org-install-letbind () "Install the values from #+BIND lines as local variables." (let ((letbind (plist-get org-export-opt-plist :let-bind)))