diff options
Diffstat (limited to 'data/vim/patches/8.1.1365')
| -rw-r--r-- | data/vim/patches/8.1.1365 | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/data/vim/patches/8.1.1365 b/data/vim/patches/8.1.1365 new file mode 100644 index 000000000..b5acbfd30 --- /dev/null +++ b/data/vim/patches/8.1.1365 @@ -0,0 +1,67 @@ +To: vim_dev@googlegroups.com +Subject: Patch 8.1.1365 +Fcc: outbox +From: Bram Moolenaar <Bram@moolenaar.net> +Mime-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +------------ + +Patch 8.1.1365 +Problem: Source command doesn't check for the sandbox. (Armin Razmjou) +Solution: Check for the sandbox when sourcing a file. +Files: src/getchar.c, src/testdir/test_source.vim + + +*** ../vim-8.1.1364/src/getchar.c 2019-05-19 21:57:05.670320399 +0200 +--- src/getchar.c 2019-05-22 20:33:44.175220749 +0200 +*************** +*** 1407,1412 **** +--- 1407,1418 ---- + emsg(_(e_nesting)); + return; + } ++ ++ // Disallow sourcing a file in the sandbox, the commands would be executed ++ // later, possibly outside of the sandbox. ++ if (check_secure()) ++ return; ++ + #ifdef FEAT_EVAL + if (ignore_script) + /* Not reading from script, also don't open one. Warning message? */ +*** ../vim-8.1.1364/src/testdir/test_source.vim 2019-01-12 13:25:42.633479785 +0100 +--- src/testdir/test_source.vim 2019-05-22 20:44:58.887015783 +0200 +*************** +*** 36,38 **** +--- 36,47 ---- + au! SourcePre + au! SourcePost + endfunc ++ ++ func Test_source_sandbox() ++ new ++ call writefile(["Ohello\<Esc>"], 'Xsourcehello') ++ source! Xsourcehello | echo ++ call assert_equal('hello', getline(1)) ++ call assert_fails('sandbox source! Xsourcehello', 'E48:') ++ bwipe! ++ endfunc +*** ../vim-8.1.1364/src/version.c 2019-05-21 23:08:56.969600854 +0200 +--- src/version.c 2019-05-22 22:37:10.196825450 +0200 +*************** +*** 769,770 **** +--- 769,772 ---- + { /* Add new patch number below this line */ ++ /**/ ++ 1365, + /**/ + +-- +hundred-and-one symptoms of being an internet addict: +13. You refer to going to the bathroom as downloading. + + /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ +/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ +\\\ an exciting new programming language -- http://www.Zimbu.org /// + \\\ help me help AIDS victims -- http://ICCF-Holland.org /// |