On 10/05/2012 12:44 AM, Stephen J. Turnbull wrote:
Eric M. Ludlam writes:
> The issue is that if a user enables ede-mode, it will attempt to
> automatically identify a project whenever you visit a file. The
> unpatched version of EDE will then load whatever file is called
> Project.ede in order to create the project file stored within.
I second Mike's "thank you".
It's possible to (relatively) safely do this by `read'ing sexps from
the file rather than `load'ing the file. Users can still specify
executable code by using function symbols or lambdas, but they (and
you) have much finer control over if and when to evaluate it.
I think in the long run you should probably deprecate Project.ede-
style configuration and move to a format that is an alist or plist
that is read rather than loaded.
The patched version of EDE does indeed use 'read' instead of 'load'. In
addition, for each slot, it checks the :type of the slot, and verifies
that the read value matches the :type, which is really just part of
setting an object slot anyway.
Lastly, it checks what the class of the project is that it needs to
create, and will only create objects that subclass one of the EDE core
The new version of the read is in eieio-base.el for the persistent base
class if anyone is worried about the implementation. The CEDET bzr
repository, or the CEDET 1.1 released tar file has the latest version.
XEmacs-Beta mailing list