From a0962e02fdc8e345961a946801f7370bf546e09c Mon Sep 17 00:00:00 2001
From: Carsten Dominik <carsten.dominik@gmail.com>
Date: Wed, 30 Jun 2010 15:29:55 +0200
Subject: [PATCH] Increase security by limiting what file variables can do for
 evaluation query.

* lisp/org.el (org-confirm-shell-link-function):
(org-confirm-elisp-link-function): Limit the values that can be set by
file variables.
---
 lisp/org.el | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lisp/org.el b/lisp/org.el
index 9bbe090ad..f2d9ade80 100644
--- a/lisp/org.el
+++ b/lisp/org.el
@@ -1488,6 +1488,9 @@ single keystroke rather than having to type \"yes\"."
 	  (const :tag "with yes-or-no (safer)" yes-or-no-p)
 	  (const :tag "with y-or-n (faster)" y-or-n-p)
 	  (const :tag "no confirmation (dangerous)" nil)))
+(put 'org-confirm-shell-link-function
+     'safe-local-variable
+     '(lambda (x) (member x '(yes-or-no-p y-or-n-p))))
 
 (defcustom org-confirm-elisp-link-function 'yes-or-no-p
   "Non-nil means ask for confirmation before executing Emacs Lisp links.
@@ -1505,6 +1508,9 @@ single keystroke rather than having to type \"yes\"."
 	  (const :tag "with yes-or-no (safer)" yes-or-no-p)
 	  (const :tag "with y-or-n (faster)" y-or-n-p)
 	  (const :tag "no confirmation (dangerous)" nil)))
+(put 'org-confirm-shell-link-function
+     'safe-local-variable
+     '(lambda (x) (member x '(yes-or-no-p y-or-n-p))))
 
 (defconst org-file-apps-defaults-gnu
   '((remote . emacs)
-- 
2.11.4.GIT