From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Jean Louis Newsgroups: gmane.emacs.help Subject: Re: Printf and quoting in general, SQL injection in particular [was: Emacs Modular Configuration: the preferable way] Date: Tue, 22 Jun 2021 15:37:46 +0300 Message-ID: References: <87pmwgdiyj.fsf@zoho.eu> <83y2b3tq07.fsf@gnu.org> <871r8vcrnm.fsf@posteo.net> <20210621141148.GA29347@tuxteam.de> <20210621211547.GA12274@tuxteam.de> <87pmwevjbs.fsf@zoho.eu> <83bl7yumh1.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="14546"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Mutt/2.0.7+183 (3d24855) (2021-05-28) Cc: help-gnu-emacs@gnu.org To: Eli Zaretskii Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Tue Jun 22 14:41:43 2021 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lvfio-0003Zv-5B for geh-help-gnu-emacs@m.gmane-mx.org; Tue, 22 Jun 2021 14:41:42 +0200 Original-Received: from localhost ([::1]:38272 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lvfin-0002Pj-3K for geh-help-gnu-emacs@m.gmane-mx.org; Tue, 22 Jun 2021 08:41:41 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:36286) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lvfiP-0002Pa-Qf for help-gnu-emacs@gnu.org; Tue, 22 Jun 2021 08:41:17 -0400 Original-Received: from stw1.rcdrun.com ([217.170.207.13]:41897) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lvfiO-0006EY-4U; Tue, 22 Jun 2021 08:41:17 -0400 Original-Received: from localhost ([::ffff:197.157.0.61]) (AUTH: PLAIN admin, TLS: TLS1.3,256bits,ECDHE_RSA_AES_256_GCM_SHA384) by stw1.rcdrun.com with ESMTPSA id 0000000000076021.0000000060D1DA69.00007268; Tue, 22 Jun 2021 05:41:12 -0700 Mail-Followup-To: Eli Zaretskii , help-gnu-emacs@gnu.org Content-Disposition: inline In-Reply-To: <83bl7yumh1.fsf@gnu.org> Received-SPF: pass client-ip=217.170.207.13; envelope-from=bugs@gnu.support; helo=stw1.rcdrun.com X-Spam_score_int: -3 X-Spam_score: -0.4 X-Spam_bar: / X-Spam_report: (-0.4 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_SORBS_WEB=1.5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "help-gnu-emacs" Xref: news.gmane.io gmane.emacs.help:131192 Archived-At: * Eli Zaretskii [2021-06-22 15:14]: > > Date: Tue, 22 Jun 2021 02:23:03 +0200 > > Emacs disagrees: > > > > (setq file "~/.emacs") > > (file-exists-p file) ; t > > (stringp file) ; t > > > > > But your side is not "the world", and therefore Eli's > > > warning was spot-on > > > > False alarm, as shown. It is safe to say, that warning can > > be ignored. > > Not a false alarm; ignore that warning at your own peril: > > (string-equal "~/foo" "/home/users/eliz/foo") => nil > (file-equal-p "~/foo" "/home/users/eliz/foo") => t > > and also: > > (string-equal "/home/users/eliz/foo" "/server/homes/users/eliz/foo") => nil > (file-equal-p "/home/users/eliz/foo" > "/server/homes/users/eliz/foo") => t The above example is insightful. Though it does not change the fact that even `file-equal-p' function uses strings as its parameters. Of course it is handling files with their file names represented in strings accordingly to the file system. The meaning of a string did not change its type. (rcd-db-connect DATABASE &optional PORT HOST USERNAME PASSWORD) The meaning of a string DATABASE will not change the type of a string accepted. It would not be clear to say that DATABASE is not just a string because if I provide wrong name of the database I would never connect to it. There is diffference between the meaning and type. > And what about the below, what's going on there? > > $ ls -l /usr/bin/emacs* > > -rwxr-xr-x 2 eliz None 81081674 2021-03-25 15:54 /usr/bin/emacs > -rwxr-xr-x 2 eliz None 81081674 2021-03-25 15:54 /usr/bin/emacs-27.2 > > (file-equal-p "/usr/bin/emacs" "/usr/bin/emacs-27.2") => t (type-of "/usr/bin/emacs") ⇒ string (type-of "/usr/bin/emacs-27.2") ⇒ string Repeat after me: "The meaning of a string is not equal to its type.."