help-gnu-emacs

Re: Printf and quoting in general, SQL injection in particular [was: Ema


From: Jean Louis
Subject: Re: Printf and quoting in general, SQL injection in particular [was: Emacs Modular Configuration: the preferable way]
Date: Tue, 22 Jun 2021 15:37:46 +0300
User-agent: Mutt/2.0.7+183 (3d24855) (2021-05-28)

* Eli Zaretskii <eliz@gnu.org> [2021-06-22 15:14]:
> > Date: Tue, 22 Jun 2021 02:23:03 +0200
> > Emacs disagrees:
> > 
> >   (setq file "~/.emacs")
> >   (file-exists-p file) ; t
> >   (stringp file) ; t
> > 
> > > But your side is not "the world", and therefore Eli's
> > > warning was spot-on
> > 
> > False alarm, as shown. It is safe to say, that warning can
> > be ignored.
> 
> Not a false alarm; ignore that warning at your own peril:
> 
>   (string-equal "~/foo" "/home/users/eliz/foo") => nil
>   (file-equal-p "~/foo" "/home/users/eliz/foo") => t
> 
> and also:
> 
>   (string-equal "/home/users/eliz/foo" "/server/homes/users/eliz/foo") => nil
>   (file-equal-p "/home/users/eliz/foo"
>   "/server/homes/users/eliz/foo") => t

The above example is insightful. Though it does not change the fact
that even the `file-equal-p' function uses strings as its parameters. Of
course it is handling files with their file names represented in
strings according to the file system.

The meaning of a string did not change its type.

(rcd-db-connect DATABASE &optional PORT HOST USERNAME PASSWORD)

The meaning of a string DATABASE will not change the type of a string
accepted. It would not be clear to say that DATABASE is not just a
string because if I provide a wrong name of the database I would never
connect to it. There is a difference between the meaning and the type.

> And what about the below, what's going on there?
> 
>   $ ls -l /usr/bin/emacs*
> 
>   -rwxr-xr-x 2 eliz None 81081674 2021-03-25 15:54 /usr/bin/emacs
>   -rwxr-xr-x 2 eliz None 81081674 2021-03-25 15:54 /usr/bin/emacs-27.2
> 
>   (file-equal-p "/usr/bin/emacs" "/usr/bin/emacs-27.2") => t

(type-of "/usr/bin/emacs") ⇒ string
(type-of "/usr/bin/emacs-27.2") ⇒ string

Repeat after me: "The meaning of a string is not equal to its type."



