To: vim_dev@googlegroups.com Subject: Patch 8.1.1365 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.1.1365 Problem: Source command doesn't check for the sandbox. (Armin Razmjou) Solution: Check for the sandbox when sourcing a file. Files: src/getchar.c, src/testdir/test_source.vim *** ../vim-8.1.1364/src/getchar.c 2019-05-19 21:57:05.670320399 +0200 --- src/getchar.c 2019-05-22 20:33:44.175220749 +0200 *************** *** 1407,1412 **** --- 1407,1418 ---- emsg(_(e_nesting)); return; } + + // Disallow sourcing a file in the sandbox, the commands would be executed + // later, possibly outside of the sandbox. + if (check_secure()) + return; + #ifdef FEAT_EVAL if (ignore_script) /* Not reading from script, also don't open one. Warning message? */ *** ../vim-8.1.1364/src/testdir/test_source.vim 2019-01-12 13:25:42.633479785 +0100 --- src/testdir/test_source.vim 2019-05-22 20:44:58.887015783 +0200 *************** *** 36,38 **** --- 36,47 ---- au! SourcePre au! SourcePost endfunc + + func Test_source_sandbox() + new + call writefile(["Ohello\"], 'Xsourcehello') + source! Xsourcehello | echo + call assert_equal('hello', getline(1)) + call assert_fails('sandbox source! Xsourcehello', 'E48:') + bwipe! + endfunc *** ../vim-8.1.1364/src/version.c 2019-05-21 23:08:56.969600854 +0200 --- src/version.c 2019-05-22 22:37:10.196825450 +0200 *************** *** 769,770 **** --- 769,772 ---- { /* Add new patch number below this line */ + /**/ + 1365, /**/ -- hundred-and-one symptoms of being an internet addict: 13. You refer to going to the bathroom as downloading. /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///