Re: Printf and quoting in general, SQL injection in particular [was: Ema

help-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Printf and quoting in general, SQL injection in particular [was: Ema

From:	Eli Zaretskii
Subject:	Re: Printf and quoting in general, SQL injection in particular [was: Emacs Modular Configuration: the preferable way]
Date:	Tue, 22 Jun 2021 21:25:33 +0300

> Date: Tue, 22 Jun 2021 21:01:59 +0300
> From: Jean Louis <bugs@gnu.support>
> Cc: help-gnu-emacs@gnu.org
> 
> Avoiding string functions related to files seem to be now impossible.

I never said anything to the contrary.

> (defun rcd-crm-directory-by-id ()
>   (concat (rcd-crm-directory) "/" (cadr (rcd-crm-directory-data))))
> 
> 
> I can now think of safer functions something like: `file-concat'
> that could or make sure that concatenated directories and file on
> the end exist or not.

It depends on what you concatenate.  Whenever you concatenate a
directory and a file under that directory, expand-file-name is a
better choice.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Printf and quoting in general, SQL injection in particular [was: Emacs Modular Configuration: the preferable way], (continued)

Prev by Date: Re: Printf and quoting in general, SQL injection in particular [was: Emacs Modular Configuration: the preferable way]
Next by Date: Re: other diary blog entries
Previous by thread: Re: Printf and quoting in general, SQL injection in particular [was: Emacs Modular Configuration: the preferable way]
Next by thread: Re: Printf and quoting in general, SQL injection in particular [was: Emacs Modular Configuration: the preferable way]
Index(es):
- Date
- Thread