From 80e7c9f80f10a61841be98bd6ccc1d13d12fe044 Mon Sep 17 00:00:00 2001
From: Gerard Vermeulen
Date: Sat, 10 Feb 2024 14:04:55 +0100
Subject: [PATCH] ox-latex: String variables are not file local safe

* lisp/ox-latex.el (org-latex-default-figure-position): (org-latex-default-quote-environment, org-latex-image-default-scale): (org-latex-reference-command): File local safe string variables allow to write Org files allowing to inject any command.
Link: https://list.orgmode.org/ffa77c01d47b15dfc0ae687cab95fb01@posteo.net/
---
 lisp/ox-latex.el | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/lisp/ox-latex.el b/lisp/ox-latex.el
index 937cbac2c..cfa2b8178 100644
--- a/lisp/ox-latex.el
+++ b/lisp/ox-latex.el
@@ -413,8 +413,7 @@ use of a package such as hyperref or cleveref and then change the format string to \"\\autoref{%s}\" or \"\\cref{%s}\" for example."
 :group 'org-export-latex
 :type 'string
- :package-version '(Org . "9.5")
- :safe #'stringp)
+ :package-version '(Org . "9.5"))
 ;;;; Preamble
@@ -734,8 +733,7 @@ or if the image is wrapped within a \"wrapfigure\" environment. Scale overrides width and height."
 :group 'org-export-latex
 :package-version '(Org . "9.3")
- :type 'string
- :safe #'stringp)
+ :type 'string)
 (defcustom org-latex-image-default-height ""
 "Default height for images.
@@ -752,8 +750,7 @@ environment."
 :group 'org-export-latex
 :type 'string
 :version "26.1"
- :package-version '(Org . "9.0")
- :safe #'stringp)
+ :package-version '(Org . "9.0"))
 (defcustom org-latex-inline-image-rules
 `(("file" . ,(rx "."
@@ -797,8 +794,7 @@ default we use here encompasses both."
 "Default environment used to `quote' blocks."
 :group 'org-export-latex
 :package-version '(Org . "9.5")
- :type 'string
- :safe #'stringp)
+ :type 'string)
 (defcustom org-latex-default-table-mode 'table
 "Default mode for tables.
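Review bot: The defcustom changed in the first hunk (judging by its docstring, `org-latex-reference-command`; the form starts above the hunk) now carries no hint that `:safe` was left out on purpose, so a later tidy-up could restore the predicate. A short comment above the form would keep the reason next to the code, for example `;; Deliberately not :safe: a file-local value could inject LaTeX commands on export.` The same comment fits the three other defcustoms this patch touches (the hunks at -734, -752 and -797). An ERT check such as `(should-not (safe-local-variable-p 'org-latex-reference-command "x"))` would also catch a regression.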
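Review bot: The second hunk ends on the first two lines of `org-latex-image-default-height`, so its property list is not visible here; it, and any sibling width option, should be checked for a leftover `:safe #'stringp`. The commit message's reasoning (a string taken from a file-local variable allowing command injection) would presumably apply to every string-valued export option that reaches the LaTeX output, not only the four listed. If any remain, removing them in the same patch avoids leaving the gap half closed.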
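Review bot: Dropping `:safe` in the last hunk (and the three before it) is a user-visible behaviour change that the patch records only in the commit message. Files that set one of these four options as a file-local variable will now go through Emacs's normal confirmation for local variables not marked safe, where before they were applied silently. The diffstat shows `lisp/ox-latex.el` as the only file touched, so a release-notes entry naming the four options appears to be missing. Users who previously accepted such values permanently may still have them recorded in `safe-local-variable-values`, which is worth mentioning in that entry.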