format_line: deny conversions (!r, !s, !a)

src/borg/helpers.py

@@ -784,9 +784,10 @@ class DatetimeWrapper:
 
 
 def format_line(format, data):
-    keys = [f[1] for f in Formatter().parse(format)]
-    for key in keys:
-        if '.' in key or '__' in key:
+    for _, key, _, conversion in Formatter().parse(format):
+        if not key:
+            continue
+        if '.' in key or '__' in key or conversion:
             raise InvalidPlaceholder(key, format)
     try:
         return format.format(**data)

src/borg/testsuite/helpers.py

@@ -1213,6 +1213,10 @@ def test_format_line_erroneous():
         assert format_line('{invalid}', data)
     with pytest.raises(PlaceholderError):
         assert format_line('{}', data)
+    with pytest.raises(PlaceholderError):
+        assert format_line('{now!r}', data)
+    with pytest.raises(PlaceholderError):
+        assert format_line('{now.__class__.__module__.__builtins__}', data)
 
 
 def test_replace_placeholders():