To: emacs-orgmode@gnu.org
From: Max Nikulin
Subject: Re: Warn about shell-expansion in the docstring of org-latex-to-html-convert-command
Date: Sat, 9 Mar 2024 22:23:49 +0700
In-Reply-To: <87jzmdht2w.fsf@localhost>

On 08/03/2024 18:16, Ihor Radchenko wrote:
> Max Nikulin writes:
>
> I decided not to introduce stdin. User can always use echo %i | ... instead.

printf "%%s" %i should be safer. However, in this particular case, input that may be recognized like echo options ("-n") should be wrapped with LaTeX delimiters.

> Even stripping quotes is unreliable when we use the example from
> docstring: 'literal:%i'.

My idea is to recognize this case. If stripping is not performed then it is necessary to detect if the user command is safe. Otherwise an apostrophe in a formula (even after escaping) may cause leaking math to the shell. I have not figured out if it is possible to bypass double quotes, but extra slashes may distort the math expression.
It is trivial to cause shell failure when single quotes are used around %i. I have doubts concerning double quotes. Perhaps stripping them is more reliable.

> Attaching tentative patch that fixes the problem.

I think it is in the right direction.

- Manual needs update as well.
- I would explicitly stress that quotes cause undefined or even dangerous behavior. See e.g. the last paragraph of https://specifications.freedesktop.org/desktop-entry-spec/latest/ar01s07.html
- I expected it as a bugfix.

I have tried to add some unit tests, but I faced an issue with `org-create-math-formula'. It creates temporary files in `default-directory' and does not remove them on failure. Moreover, it does not work in a container where git is not installed:

  Debugger entered--Lisp error: (file-missing "Searching for program" "No such file or directory" "git")

that is called from `find-file-hook'.

(ert-deftest test-org/create-math-formula ()
  "Test shell special characters escaping in `org-create-math-formula'."
  (let ((org-latex-to-mathml-convert-command "printf \"\" %i >%o"))
    ;; No backslashes added by `shell-quote-argument'
    ;; are leaked to command arguments.  dash(1) "Double Quotes":
    ;;
    ;;   The backslash inside double quotes is historically weird,
    ;;   and serves to quote only the following characters:
    ;;   $ ` " \ .
    ;;   Otherwise it remains literal.
    (should (equal "" (org-create-math-formula "(|)`[[\\]]{}#$'!")))
    ;; Multiple words
    (should (equal "" (org-create-math-formula "words ; |")))
    ;; Bypass single quote
    (should (equal "" (org-create-math-formula "apostrophe' ; |")))
    ;; Bypass double quote
    (should (equal "" (org-create-math-formula "quote\" ; |")))))
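The quoting problem discussed in this thread, shown as an added POSIX shell example (it is not org-mode's code and not part of the message above). It assumes a helper `shell_quote` that approximates what Emacs's `shell-quote-argument` does for POSIX sh (a backslash in front of every character other than letters, digits, `-`, `_`, `.`, `/`), and three constructed templates where `printf` stands in for the converter. `run_template` substitutes the quoted input for `%i` and lets the shell parse the result, so the output shows whether the input arrives as one literal argument (the bare `%i` form), whether the backslashes leak into the argument (extra double or single quotes), or whether the shell rejects the command line outright (single quotes around `%i` with an apostrophe in the input).

```shell
#!/bin/sh
# Added example (not org-mode's code or the thread author's): emulate the
# expansion of a %i command template after the input has been shell-quoted,
# and compare a bare %i with a %i wrapped in extra quotes.

# Approximates Emacs's shell-quote-argument for POSIX sh: every character
# other than letters, digits, '-', '_', '.', '/' gets a backslash in front.
# Single-line input is assumed (Emacs handles embedded newlines separately).
shell_quote() {
  printf '%s\n' "$1" | sed 's/[^-0-9a-zA-Z_./]/\\&/g'
}

# Substitute the quoted input for the first %i in the template, then let the
# shell parse the result exactly as a convert command would be parsed.  The
# command used here only prints each argument it receives in brackets, so a
# single bracketed word means the input survived as one literal argument.
# Prints "SHELL ERROR" when the shell refuses the command line (for example
# unbalanced quotes) instead of failing the caller.
run_template() {
  before=${1%%"%i"*}
  after=${1#*"%i"}
  cmd="$before$(shell_quote "$2")$after"
  out=$(eval "$cmd" 2>/dev/null) || { printf 'SHELL ERROR\n'; return 0; }
  printf '%s\n' "$out"
}

# Three constructed templates; printf stands in for the converter.
TPL_BARE="printf '[%s]\\n' %i"          # documented form: no quotes around %i
TPL_SINGLE="printf '[%s]\\n' '%i'"      # %i wrapped in single quotes
TPL_DOUBLE="printf '[%s]\\n' \"%i\""    # %i wrapped in double quotes

# Inputs taken from the unit test in the message above.
for input in 'words ; |' "apostrophe' ; |" 'quote" ; |'; do
  printf 'input   : %s\n' "$input"
  printf '  bare  : %s\n' "$(run_template "$TPL_BARE" "$input")"
  printf '  single: %s\n' "$(run_template "$TPL_SINGLE" "$input")"
  printf '  double: %s\n' "$(run_template "$TPL_DOUBLE" "$input")"
done
```

With the bare template every input is printed back unchanged as one argument. Wrapping `%i` in single quotes makes the backslashes literal and an embedded apostrophe closes the quote early, so the shell reports an unterminated string; wrapping it in double quotes keeps the command parsable but, as dash(1) documents, only `\` before `$`, `` ` ``, `"` and `\` is consumed, so the other backslashes reach the converter and distort the formula.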