From: Daniel Clemente <email@example.com>
To: Carsten Dominik <firstname.lastname@example.org>
Cc: org-mode Mailinglist <email@example.com>
Subject: Re: Local variables
Date: Thu, 06 Aug 2009 12:35:21 +0200 [thread overview]
Message-ID: <87d479p6vq.fsf@CPU107.opentrends.net> (raw)
In-Reply-To: <9922F423-1B5B-40A3-822D-1AFF23BA1C29@uva.nl> (Carsten Dominik's message of "Wed, 5 Aug 2009 16:32:12 +0200")
Thank you very much.
I am forwarding your response also to the mailing list.
El dc, ago 05 2009 a les 16:32, Carsten Dominik va escriure:
> On Aug 5, 2009, at 12:39 PM, Daniel Clemente wrote:
>> El dt, ago 04 2009 a les 23:15, Carsten Dominik va escriure:
>>> General mechanism for local variable settings
>>> A line like:
>>> #+BIND: variable value
>>> will bind the variable to value. For example, the line
>> 1. That's very useful and makes .org file distribution much easier since
>> configuration is self-contained. Thanks.
>> 2. I find that it doesn't work. For instance, this buffer
>> #+BIND: org-export-with-section-numbers nil
>> * one
>> and this one:
>> #+BIND: org-export-with-section-numbers t
>> * one
>> Export the same content, with section numbers. Only with this:
>> #+OPTIONS: num:nil
>> can I export without section numbers.
>> Running org 6.29a on latest Emacs from CVS from today. I get no other error
> This was a bug, fixed, thanks.
>> 3. I found it created one problem with custom time dates. I can't export this
>> #+STARTUP: customtime
>> #+BIND: org-time-stamp-custom-formats '("<%d.m%m.%Y>" . "<%d.m%m.%Y %H:%M>")
>> # (setq org-time-stamp-custom-formats '("<%d.m%m.%Y>" . "<%d.m%m.%Y %H:%M>"))
> in #+BIND, the value should not be quoted, it will not be evaluated like it
> would in
> a setq form. So you need:
> #+BIND: org-time-stamp-custom-formats ("<%d.m%m.%Y>" . "<%d.m%m.%Y %H:
>> a date:
>> <2006-03-25 sáb>
>> It fails with:
>> Debugger entered--Lisp error: (wrong-type-argument arrayp quote)
>> substring(quote 1 -1)
>> (concat (if inactive "[" "<") (substring tf 1 -1) (if inactive "]" ">"))
>> (format-time-string (concat (if inactive "[" "<") (substring tf 1 -1) (if
>> inactive "]" ">")) (apply (quote encode-time) time))
>> org-translate-time(#("<2006-03-25 s\x00e1\ b>" 0 1 (fontified t) 1 2
>> (fontified t display #("25.m03.2006" 0 11 ...)) 2 3 (fontified t org-dwidth t
>> org-dwidth-n 3 display #("25.m03.2006" 0 11 ...)) 3 15 (fontified t display
>> #("25.m03.2006" 0 11 ...)) 15 16 (fontified t rear-nonsticky (mouse-face
>> highlight keymap invisible intangible help-echo org-linked-text))))
>> It fails only if I have that #+BIND line.
>> You may eval or not the (setq), as needed; it's there only to test.
>> 4. Being able to change any variable is dangerous. „Local variables“ in Emacs
>> have a confirmation dialog which asks whether you really want to change them;
>> org may need something similar if it reimplements local variables.
>> Restricting changes to variables whose name is org-.* probably doesn't
>> prevent code execution, and anyway the good thing about # +BIND: is being able
>> to change anything. So maybe a confirmation dialog can be used, or a switch.
> Yes, #+BIND might in principle open the possibility to execute
> code and in this way is a security risk. Org-mode files as virus vectors.
> There are other, similar issues with executable code in org-eval.el,
> and with shell links, for example.
> I am not sure what the right course of a action is here.
> The most important thing is of course to only open Org files from
> trusted sources in Emacs.
> I guess we could use a switch . . . I have now implemented one.
> You need to confirm using BIND for each buffer that wants it,
> or you can configure the variable org-export-allow-BIND to
> allow them always, on your own risk.
> - Carsten
prev parent reply other threads:[~2009-08-06 10:35 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-04 21:15 Org-mode release 6.29 Carsten Dominik
2009-08-04 22:37 ` Keith Lancaster
2009-08-04 22:59 ` Sebastian Rose
2009-08-04 23:07 ` Org-mode release 6.29 (SOLVED) Keith Lancaster
2009-08-05 0:40 ` Org-mode release 6.29 Samuel Wales
2009-08-05 10:39 ` Local variables Daniel Clemente
[not found] ` <9922F423-1B5B-40A3-822D-1AFF23BA1C29@uva.nl>
2009-08-06 10:35 ` Daniel Clemente [this message]
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
List information: https://www.orgmode.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).