From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.help Subject: Re: Printf and quoting in general, SQL injection in particular [was: Emacs Modular Configuration: the preferable way] Date: Tue, 22 Jun 2021 21:25:33 +0300 Message-ID: <83v965u57m.fsf@gnu.org> References: <871r8vcrnm.fsf@posteo.net> <20210621141148.GA29347@tuxteam.de> <20210621211547.GA12274@tuxteam.de> <87pmwevjbs.fsf@zoho.eu> <83bl7yumh1.fsf@gnu.org> <8335taujt6.fsf@gnu.org> <83y2b1ubqt.fsf@gnu.org> Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="8726"; mail-complaints-to="usenet@ciao.gmane.io" To: help-gnu-emacs@gnu.org Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Tue Jun 22 20:26:27 2021 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lvl6P-00023l-36 for geh-help-gnu-emacs@m.gmane-mx.org; Tue, 22 Jun 2021 20:26:25 +0200 Original-Received: from localhost ([::1]:36696 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lvl6N-000610-Sq for geh-help-gnu-emacs@m.gmane-mx.org; Tue, 22 Jun 2021 14:26:23 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:39748) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lvl5p-00060s-Lw for help-gnu-emacs@gnu.org; Tue, 22 Jun 2021 14:25:49 -0400 Original-Received: from fencepost.gnu.org ([2001:470:142:3::e]:41242) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lvl5p-0006jk-Ek for help-gnu-emacs@gnu.org; Tue, 22 Jun 2021 14:25:49 -0400 Original-Received: from 84.94.185.95.cable.012.net.il ([84.94.185.95]:1520 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lvl5p-0005I7-2P for help-gnu-emacs@gnu.org; Tue, 22 Jun 2021 14:25:49 -0400 In-Reply-To: (message from Jean Louis on Tue, 22 Jun 2021 21:01:59 +0300) X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "help-gnu-emacs" Xref: news.gmane.io gmane.emacs.help:131203 Archived-At: > Date: Tue, 22 Jun 2021 21:01:59 +0300 > From: Jean Louis > Cc: help-gnu-emacs@gnu.org > > Avoiding string functions related to files seem to be now impossible. I never said anything to the contrary. > (defun rcd-crm-directory-by-id () > (concat (rcd-crm-directory) "/" (cadr (rcd-crm-directory-data)))) > > > I can now think of safer functions something like: `file-concat' > that could or make sure that concatenated directories and file on > the end exist or not. It depends on what you concatenate. Whenever you concatenate a directory and a file under that directory, expand-file-name is a better choice.