aniani/vim
0
0
Fork 1
mirror of https://github.com/vim/vim.git synced 2025-09-24 03:44:06 -04:00
Code Activity

patch 8.1.1365: source command doesn't check for the sandbox

Browse Source 
Problem:    Source command doesn't check for the sandbox. (Armin Razmjou)
Solution:   Check for the sandbox when sourcing a file.
This commit is contained in:
Bram Moolenaar
2019-05-22 22:38:25 +02:00
parent 5c017b2de2
commit 5357552140
3 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/getchar.c
View File

@@ -1407,6 +1407,12 @@ openscript(
emsg(_(e_nesting)); emsg(_(e_nesting));
return; return;
} }
// Disallow sourcing a file in the sandbox, the commands would be executed
// later, possibly outside of the sandbox.
if (check_secure())
return;
#ifdef FEAT_EVAL #ifdef FEAT_EVAL
if (ignore_script) if (ignore_script)
/* Not reading from script, also don't open one. Warning message? */ /* Not reading from script, also don't open one. Warning message? */

9
src/testdir/test_source.vim
View File

@@ -36,3 +36,12 @@ func Test_source_cmd()
au! SourcePre au! SourcePre
au! SourcePost au! SourcePost
endfunc endfunc
func Test_source_sandbox()
new
call writefile(["Ohello\<Esc>"], 'Xsourcehello')
source! Xsourcehello | echo
call assert_equal('hello', getline(1))
call assert_fails('sandbox source! Xsourcehello', 'E48:')
bwipe!
endfunc

2
src/version.c
View File

@@ -767,6 +767,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
1365,
/**/ /**/
1364, 1364,
/**/ /**/