Fix potential 'vulnerability' by disabling *read-eval* while reading …

…bookmarks.
knusbaum · Apr 18, 2018 · 8842cb7 · 8842cb7
1 parent 3031a1f
commit 8842cb7
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/bookmarks.lisp b/bookmarks.lisp
@@ -16,9 +16,10 @@
 (defun read-bookmarks (fname)
   (handler-case
       (with-open-file (is fname)
-        (let ((gopher-lines (read is)))
-          (make-instance 'bookmarks
-                         :bookmarks (cl-gopher:gopher-lines-from-alist gopher-lines))))
+        (let ((*read-eval* nil))
+          (let ((gopher-lines (read is)))
+            (make-instance 'bookmarks
+                           :bookmarks (cl-gopher:gopher-lines-from-alist gopher-lines)))))
     (file-error (e)
       (declare (ignore e))
       nil)))