From: Jean Louis
Subject: Re: Printf and quoting in general, SQL injection in particular [was: Emacs Modular Configuration: the preferable way]
Date: Tue, 22 Jun 2021 15:37:46 +0300
User-agent: Mutt/2.0.7+183 (3d24855) (2021-05-28)

* Eli Zaretskii <eliz@gnu.org> [2021-06-22 15:14]:
> > Date: Tue, 22 Jun 2021 02:23:03 +0200
> > Emacs disagrees:
> >
> > (setq file "~/.emacs")
> > (file-exists-p file) ; t
> > (stringp file) ; t
> >
> > > But your side is not "the world", and therefore Eli's
> > > warning was spot-on
> >
> > False alarm, as shown. It is safe to say, that warning can
> > be ignored.
>
> Not a false alarm; ignore that warning at your own peril:
>
> (string-equal "~/foo" "/home/users/eliz/foo") => nil
> (file-equal-p "~/foo" "/home/users/eliz/foo") => t
>
> and also:
>
> (string-equal "/home/users/eliz/foo" "/server/homes/users/eliz/foo") => nil
> (file-equal-p "/home/users/eliz/foo"
> "/server/homes/users/eliz/foo") => t

The above example is insightful. Though it does not change the fact
that even the `file-equal-p' function uses strings as its parameters. Of
course it is handling files with their file names represented in
strings according to the file system.

The meaning of a string did not change its type.

(rcd-db-connect DATABASE &optional PORT HOST USERNAME PASSWORD)

The meaning of a string DATABASE will not change the type of a string
accepted. It would not be clear to say that DATABASE is not just a
string because if I provide the wrong name of the database I would never
connect to it. There is a difference between the meaning and type.

> And what about the below, what's going on there?
>
> $ ls -l /usr/bin/emacs*
>
> -rwxr-xr-x 2 eliz None 81081674 2021-03-25 15:54 /usr/bin/emacs
> -rwxr-xr-x 2 eliz None 81081674 2021-03-25 15:54 /usr/bin/emacs-27.2
>
> (file-equal-p "/usr/bin/emacs" "/usr/bin/emacs-27.2") => t

(type-of "/usr/bin/emacs") ⇒ string
(type-of "/usr/bin/emacs-27.2") ⇒ string

Repeat after me: "The meaning of a string is not equal to its type."
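
The distinction drawn in the quoted examples, between comparing file names as strings and asking whether two names refer to the same file, as an added example that is not part of the original message. It assumes a POSIX file system where hard links and symbolic links can be created; the function name `demo-same-file-report' and the file names inside the temporary directory are hypothetical.

```emacs-lisp
;; Added example, not code from the thread.  Everything is created in a
;; fresh temporary directory and removed again afterwards.

(defun demo-same-file-report ()
  "Compare one file against four names, by string and by identity.
Return a list of rows (LABEL STRING-EQUAL-RESULT FILE-EQUAL-P-RESULT)."
  (let* ((dir (file-name-as-directory (make-temp-file "same-file-demo" t)))
         (orig  (expand-file-name "emacs-27.2" dir))
         (hard  (expand-file-name "emacs" dir))
         (soft  (expand-file-name "emacs-link" dir))
         (other (expand-file-name "other" dir)))
    (unwind-protect
        (progn
          ;; Constructed sample content; ORIG and OTHER hold the same
          ;; bytes but are distinct files.
          (write-region "constructed sample\n" nil orig nil 'silent)
          (write-region "constructed sample\n" nil other nil 'silent)
          ;; A second directory entry for the same inode, like the two
          ;; /usr/bin/emacs* entries with link count 2 in the `ls -l' output.
          (add-name-to-file orig hard)
          ;; A symbolic link whose target is ORIG.
          (make-symbolic-link orig soft)
          (mapcar (lambda (pair)
                    (list (car pair)
                          ;; Compares the characters of the two names.
                          (string-equal orig (cdr pair))
                          ;; Resolves both names and compares the files.
                          (file-equal-p orig (cdr pair))))
                  (list (cons "same name" orig)
                        (cons "hard link" hard)
                        (cons "symbolic link" soft)
                        (cons "same bytes, different file" other))))
      ;; Clean up even if link creation signals an error.
      (delete-directory dir t))))

;; Evaluate to see the rows, for example in *scratch* or with
;; emacs --batch -l this-file.el
(dolist (row (demo-same-file-report))
  (message "%-28s string-equal=%-3S file-equal-p=%S"
           (nth 0 row) (nth 1 row) (nth 2 row)))
```

Any check that decides whether a given file is on an allow or deny list by comparing name strings is exposed to the hard-link and symbolic-link rows, where the names differ but the file is the same.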