blob: 7f662c1a47b5ed3ab3d953e8d95ce77585f3ca60 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
To: vim_dev@googlegroups.com
Subject: Patch 8.1.05
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
------------
Patch 8.1.0538
Problem: Evaluating a modeline might invoke using a shell command. (Paul
Huber)
Solution: Set the sandbox flag when setting options from a modeline.
Files: src/buffer.c
*** ../vim-8.1.0537/src/buffer.c 2018-11-10 17:33:23.087518814 +0100
--- src/buffer.c 2018-11-20 03:50:28.257857273 +0100
***************
*** 5522,5528 ****
--- 5522,5533 ----
current_sctx.sc_seq = 0;
current_sctx.sc_lnum = 0;
#endif
+ // Make sure no risky things are executed as a side effect.
+ ++sandbox;
+
retval = do_set(s, OPT_MODELINE | OPT_LOCAL | flags);
+
+ --sandbox;
#ifdef FEAT_EVAL
current_sctx = save_current_sctx;
#endif
*** ../vim-8.1.0537/src/version.c 2018-11-20 02:42:37.111373664 +0100
--- src/version.c 2018-11-20 04:24:18.067361364 +0100
***************
*** 794,795 ****
--- 794,797 ----
{ /* Add new patch number below this line */
+ /**/
+ 538,
/**/
--
ARTHUR: Go on, Bors, chop its head off.
BORS: Right. Silly little bleeder. One rabbit stew coming up.
"Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD
/// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
|
