aboutsummaryrefslogtreecommitdiff
path: root/gnu
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2023-02-24 11:15:45 +0100
committerLudovic Courtès <ludo@gnu.org>2023-02-27 23:40:43 +0100
commit43c36c5c9f7a31649eb059fd16ed82bde20da3fc (patch)
tree305f5793c75a118ef9a76d8229110ee104859f35 /gnu
parent92a0e60a963a54230e400c5c2ae585205489bf35 (diff)
downloadguix-43c36c5c9f7a31649eb059fd16ed82bde20da3fc.tar
guix-43c36c5c9f7a31649eb059fd16ed82bde20da3fc.tar.gz
ui: 'display-hint' quotes extra arguments for Texinfo.
Fixes <https://issues.guix.gnu.org/61201>. Previously, common practice was to splice arbitrary strings (user names, file names, etc.) into Texinfo snippets passed to 'display-hint'. This is unsafe in the general case because at signs and braces need to be escaped to produced valid Texinfo. This commit addresses that. * guix/ui.scm (texinfo-quote): New procedure. (display-hint): When ARGUMENTS is non-empty, pass it to 'texinfo-quote' and call 'format'. (report-unbound-variable-error, check-module-matches-file) (display-collision-resolution-hint, run-guix-command): Remove explicit 'format' call; pass 'format' arguments as extra arguments to 'display-hint'. * gnu/services/monitoring.scm (zabbix-front-end-config): Likewise. * guix/scripts.scm (warn-about-disk-space): Likewise. * guix/scripts/build.scm (%standard-cross-build-options) (%standard-native-build-options): Likewise. * guix/scripts/describe.scm (display-checkout-info): Likewise. * guix/scripts/environment.scm (suggest-command-name): Likewise. * guix/scripts/home.scm (process-command): Likewise. * guix/scripts/home/edit.scm (service-type-not-found): Likewise. * guix/scripts/import.scm (guix-import): Likewise. * guix/scripts/package.scm (display-search-path-hint): Likewise. * guix/scripts/pull.scm (build-and-install): Likewise. * guix/scripts/shell.scm (auto-detect-manifest): Likewise. * guix/scripts/system.scm (check-file-system-availability): Likewise. (guix-system): Likewise. * guix/scripts/system/edit.scm (service-type-not-found): Likewise. * guix/status.scm (print-build-event): Likewise.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/services/monitoring.scm6
1 files changed, 4 insertions, 2 deletions
diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm
index 44e2e8886c..bbf8b10f8b 100644
--- a/gnu/services/monitoring.scm
+++ b/gnu/services/monitoring.scm
@@ -662,9 +662,11 @@ $DB['PASSWORD'] = " (let ((file (location-file %location))
(string-append "trim(file_get_contents('"
db-secret-file "'));\n"))
(begin
- (display-hint (format #f (G_ "~a:~a:~a: ~a:
+ (display-hint (G_ "~a:~a:~a: ~a:
Consider using @code{db-secret-file} instead of @code{db-password} for better
-security.") file line column 'zabbix-front-end-configuration))
+security.")
+ file line column
+ 'zabbix-front-end-configuration)
(format #f "'~a';~%" db-password))))
"
// Schema name. Used for IBM DB2 and PostgreSQL.