[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] ox-latex: Make more variables file local safe
From: |
gerard . vermeulen |
Subject: |
Re: [PATCH] ox-latex: Make more variables file local safe |
Date: |
Sat, 10 Feb 2024 13:25:49 +0000 |
On 10.02.2024 00:04, Ihor Radchenko wrote:
gerard.vermeulen@posteo.net writes:
I have a direct use for org-latex-toc-command being a file local
safe variable and I looked a bit around for other variables not
being file local safe for no good reason IMO (why those not,
while similar variables yes).
I have attached a patch which makes six variables file local safe.
Thanks! I agree about all but org-latex-toc-command.
Although, I am not sure if org-latex-toc-command is really safe to set
to arbitrary value.
You are right, it is not safe, BUT:
The attached org file (not really malicious) shows how to create a
malicious
org file for any file local "safe" string variable in ox-latex when
exporting
to latex and compiling with the -shell-escape option.
Therefore, I attached a patch removing the :safe #'stringp from those
variables.
malicious.org
Description: Binary data
0001-ox-latex-string-variables-are-not-file-local-safe.patch
Description: Binary data