aniani/vim
0
0
Fork 1
mirror of https://github.com/vim/vim.git synced 2025-09-24 03:44:06 -04:00
Code Activity

patch 8.1.0538: evaluating a modeline might invoke using a shell command

Browse Source 
Problem:    Evaluating a modeline might invoke using a shell command. (Paul
            Huber)
Solution:   Set the sandbox flag when setting options from a modeline.
This commit is contained in:
Bram Moolenaar
2018-11-20 04:25:21 +01:00
parent 48d23bb4de
commit 5958f95a40
2 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/buffer.c
View File

@@ -5522,7 +5522,12 @@ chk_modeline(
current_sctx.sc_seq = 0; current_sctx.sc_seq = 0;
current_sctx.sc_lnum = 0; current_sctx.sc_lnum = 0;
#endif #endif
// Make sure no risky things are executed as a side effect.
++sandbox;
retval = do_set(s, OPT_MODELINE | OPT_LOCAL | flags); retval = do_set(s, OPT_MODELINE | OPT_LOCAL | flags);
--sandbox;
#ifdef FEAT_EVAL #ifdef FEAT_EVAL
current_sctx = save_current_sctx; current_sctx = save_current_sctx;
#endif #endif

2
src/version.c
View File

@@ -792,6 +792,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
538,
/**/ /**/
537, 537,
/**/ /**/