From: Max Nikulin <manikulin@gmail.com>
To: emacs-orgmode@gnu.org
Subject: Re: [PATCH] ob-maxima.el: Fix execution on MS Windows
Date: Thu, 30 Dec 2021 00:05:22 +0700 [thread overview]
Message-ID: <sqi4gk$ntg$1@ciao.gmane.io> (raw)
In-Reply-To: <ae7919e9-158c-a629-8429-526ee8ece854@gmail.com>
On 27/12/2021 03:18, Nikolay Kudryavtsev wrote:
>
> Ob-maxima currently does not work on Windows due to it using single
> quotes in the Maxima invocation and those not being supported by Windows
> CMD.
>
> After some testing I've found an invocation that seems to work fine on
> both Windows and Linux. I don't think this patch can cause any real
> issue, since the string in those quotes is just the temp file path.
> --- a/lisp/ob-maxima.el
> +++ b/lisp/ob-maxima.el
> @@ -77,7 +77,7 @@ This function is called by `org-babel-execute-src-block'."
> (result
> (let* ((cmdline (or (cdr (assq :cmdline params)) ""))
> (in-file (org-babel-temp-file "maxima-" ".max"))
> - (cmd (format "%s --very-quiet -r 'batchload(%S)$' %s"
> + (cmd (format "%s --very-quiet -r \"batchload(\\\"%S\\\")\"$ %s"
> org-babel-maxima-command in-file cmdline)))
I do not like original variant, but suggested change makes it unsafe in
more cases. `in-file' might contain apostrophe in the case of peculiar
path of the directory for temporary files. More characters may be
interpreted by BASH inside double quotes. Even docstring for
`shell-quote-argument' mentions security issues with the function.
Ideally command arguments should be passed as a list to avoid
intermediate interpretation by shell at all. Unfortunately gluing
strings to make a shell command is used too widely in org code and emacs
API encourages such unsafe way.
next prev parent reply other threads:[~2021-12-29 17:18 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-26 20:18 [PATCH] ob-maxima.el: Fix execution on MS Windows Nikolay Kudryavtsev
2021-12-29 17:05 ` Max Nikulin [this message]
2021-12-29 18:37 ` Nikolay Kudryavtsev
2021-12-30 16:33 ` Max Nikulin
2021-12-30 20:54 ` Nikolay Kudryavtsev
2022-01-11 13:55 ` Max Nikulin
2022-10-29 6:08 ` Ihor Radchenko
2022-11-02 11:49 ` Nikolay Kudryavtsev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.orgmode.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='sqi4gk$ntg$1@ciao.gmane.io' \
--to=manikulin@gmail.com \
--cc=emacs-orgmode@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).