Ville, I’ve tested this, and it works. Norbert, you’re away for the next couple of weeks; does anyone else have access to build and release a new package? APPROVE COMMIT NOTE: This patch has been committed. xemacs-packages/edit-utils/ChangeLog addition: 2008-06-09 Aidan Kehoe <kehoea(a)parhasard.net&gt; * fast-lock.el (fast-lock-cache-directories): Remove the directory the file is in, to avoid running code from arbitrary other users. Update the docstring to motivate this. Also, mark it as a risky local variable to prevent it being evaluated in file local variable sections. Thank you Ulrich Müller, thank you Hans de Graaff. XEmacs Packages source patch: Diff command: cvs -q diff -Nu Files affected: xemacs-packages/edit-utils/fast-lock.el =================================================================== RCS Index: xemacs-packages/edit-utils/fast-lock.el =================================================================== RCS file: /pack/xemacscvs/XEmacs/packages/xemacs-packages/edit-utils/fast-lock.el,v retrieving revision 1.4 diff -u -u -r1.4 fast-lock.el --- xemacs-packages/edit-utils/fast-lock.el 2006/03/07 07:10:32 1.4 +++ xemacs-packages/edit-utils/fast-lock.el 2008/06/09 18:55:05 ＠＠ -247,7 +247,7 ＠＠  ;; User Variables: -(defcustom fast-lock-cache-directories '("." "~/.emacs-flc") +(defcustom fast-lock-cache-directories '("~/.emacs-flc") ; - `internal', keep each file's Font Lock cache file in the same file. ; - `external', keep each file's Font Lock cache file in the same directory. "*Directories in which Font Lock cache files are saved and read. ＠＠ -265,9 +265,14 ＠＠ ((\"^/your/true/home/directory/\" . \".\") \"~/.emacs-flc\") would cause a file's current directory to be used if the file is under your -home directory hierarchy, or otherwise the absolute directory `~/.emacs-flc'." +home directory hierarchy, or otherwise the absolute directory `~/.emacs-flc'. +For security reasons, it is not advisable to use the file's current directory +to avoid the possibility of using the cache of another user." :type '(repeat (choice (cons regexp directory) directory)) :group 'fast-lock) + +;;;###autoload +(put 'fast-lock-cache-directories 'risky-local-variable t) (defcustom fast-lock-minimum-size (* 25 1024) "*Minimum size of a buffer for cached fontification. -- ¿Dónde estará ahora mi sobrino Yoghurtu Nghé, que tuvo que huir precipitadamente de la aldea por culpa de la escasez de rinocerontes? _______________________________________________ XEmacs-Patches mailing list XEmacs-Patches(a)xemacs.org http://calypso.tux.org/cgi-bin/mailman/listinfo/xemacs-patches