help-gnu-emacs

Re: Printf and quoting in general, SQL injection in particular [was: Ema


From: Jean Louis
Subject: Re: Printf and quoting in general, SQL injection in particular [was: Emacs Modular Configuration: the preferable way]
Date: Tue, 22 Jun 2021 21:01:59 +0300
User-agent: Mutt/2.0.7+183 (3d24855) (2021-05-28)

* Eli Zaretskii <eliz@gnu.org> [2021-06-22 19:14]:
> And my point is that it is dangerous (a.k.a. "wrong") using string
> functions on file names when there are specially-designed file-name
> functions for those use cases.  Because those special-purpose
> functions are there for a reason, and disregarding those reasons is
> asking for trouble.  Like using string comparison for comparing file
> names: that was actually a reason for quite a few bugs in our code.
> My point was trying to prevent people from making those same mistakes.

I agree that dedicated file functions should be used whenever
possible. Now I am looking in some of my functions to review that:

People have their ID number, so a directory may exist for each
person. But I cannot see a possibility to work with file paths that
are structured without using string functions. I can maybe verify if
some possible string represents a directory or file, if it exists or if
it is readable, but more than that, I would not know practically what
to do.

Maybe my scope of using such generated file paths is out of the
mentioned scope.

To summarize, it is better to use file related functions whenever
possible, checking if it is a directory, using functions like
`file-name-as-directory' and so on.

Avoiding string functions related to files seems to be impossible for now.

Like here below I have to `concat' or concatenate the directory with
the file base name, as when I do "filing" it is rather filed by
year/month/date and either `concat' or `format' has to be used.

    ;; Excerpt from the body of cf/file-by-contact; `files' and `date-dir'
    ;; are bound by the surrounding code.
    (dolist (file files)
      (let* ((basename (file-name-nondirectory file))
             (target (concat date-dir basename))
             (target (rcd-unique-file-name target)))
        (if (file-exists-p file)
            (progn
              ;; `message' and `error' take format arguments directly;
              ;; wrapping them in `format' would re-interpret any "%" that
              ;; the file name itself contains.
              (message "cf/file-by-contact: moving \"%s\" to \"%s\"" file target)
              (rename-file file target))
          (error "File does not exist: %s" file))))

(defun cf-directory-by-id (id)
  "Opens the dired directory for ID"
  (let* ((dir (dir-id id)))
    (unless (file-directory-p dir)
      (make-dir-id id))
    (dired dir)))

(defun dir-id (id)
  "Returns directory for contact ID"
  (format "%s/%s/" (rcd-crm-directory-by-id) id))

(defun rcd-crm-directory-by-id ()
  (concat (rcd-crm-directory) "/" (cadr (rcd-crm-directory-data))))

(defun rcd-crm-directory-data ()
  "Returns default CRM related directories"
  (let* ((sql "SELECT defaults_crmdir, defaults_crmbyid, defaults_crmbyname, defaults_crmdiraccount FROM defaults")
         (dirs (rcd-sql-first sql cf-db))
         (crmdir (aref dirs 0))
         (crmbyid (aref dirs 1))
         (crmbyname (aref dirs 2))
         (crmdiraccount (aref dirs 3)))
    (list crmdir crmbyid crmbyname crmdiraccount)))

(defun rcd-crm-directory ()
  (car (rcd-crm-directory-data)))


I can now think of safer functions, something like `file-concat',
that could make sure that the concatenated directories and the file
at the end exist or not.
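Added example, not code from the post above: the same two path constructions (the per-ID contact directory and the filing target) written with `expand-file-name' and `file-name-as-directory' instead of `concat'/`format', plus a check that a generated path cannot leave the CRM base directory. All `rcd-demo-' names, the base directory and the sample IDs are assumptions made for this illustration.

```elisp
(require 'ert)

;; Added example (not the poster's code).  Names prefixed rcd-demo- and
;; the sample paths are assumptions made for this illustration.

(defun rcd-demo-safe-component-p (name)
  "Return non-nil when NAME is a single, plain path component.
Rejects empty names, anything containing a separator, and \".\" / \"..\"."
  (and (stringp name)
       (string-match-p "\\`[[:alnum:]_.-]+\\'" name)
       (not (member name '("." "..")))))

(defun rcd-demo-dir-id (base subdir id)
  "Return BASE/SUBDIR/ID/ as an absolute directory name.
ID may be a number or a string but must be one plain component.  Signal
an error rather than return a path outside BASE."
  (let ((component (format "%s" id)))
    (unless (rcd-demo-safe-component-p component)
      (error "Refusing to use %S as a directory component" id))
    (let* ((root (file-name-as-directory (expand-file-name base)))
           (dir (file-name-as-directory
                 (expand-file-name component
                                   (expand-file-name subdir root)))))
      ;; `expand-file-name' normalises ".." and doubled slashes, so the
      ;; remaining check is simply that the result still starts with ROOT.
      (unless (string-prefix-p root dir)
        (error "Computed directory %s escapes %s" dir root))
      dir)))

(defun rcd-demo-filing-target (date-dir file)
  "Return the path of FILE's base name inside DATE-DIR.
Unlike `concat', this is correct whether or not DATE-DIR ends in a slash."
  (expand-file-name (file-name-nondirectory file) date-dir))

(ert-deftest rcd-demo-paths ()
  (should (equal (rcd-demo-dir-id "/srv/crm" "by-id" 42)
                 "/srv/crm/by-id/42/"))
  (should (equal (rcd-demo-dir-id "/srv/crm/" "by-id" "a7")
                 "/srv/crm/by-id/a7/"))
  (should-error (rcd-demo-dir-id "/srv/crm" "by-id" "../../etc"))
  (should-error (rcd-demo-dir-id "/srv/crm" "by-id" "/etc"))
  (should (equal (rcd-demo-filing-target "/srv/crm/2021/06" "/tmp/in/note.txt")
                 "/srv/crm/2021/06/note.txt"))
  (should (equal (rcd-demo-filing-target "/srv/crm/2021/06/" "/tmp/in/note.txt")
                 "/srv/crm/2021/06/note.txt")))
```

Run the test with M-x ert RET rcd-demo-paths RET. Emacs 28 and later also provide `file-name-concat', which joins components with exactly one slash between them, but it does no validation of the components, so the prefix check above is still needed when an ID comes from user input or a database.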



