Mercurial > vim
view src/vimrun.c @ 33420:aa7cd2253130 v9.0.1968
patch 9.0.1968: cmdline completion should consider key option
Commit: https://github.com/vim/vim/commit/6ee7b521fa7531ef356ececc8be7575c3800f872
Author: Yee Cheng Chin <ychin.git@gmail.com>
Date: Sun Oct 1 09:13:22 2023 +0200
patch 9.0.1968: cmdline completion should consider key option
Problem: cmdline completion should consider key option
Solution: Disable cmdline completion for key option, slightly
refactor how P_NO_CMD_EXPAND is handled
Harden crypto 'key' option: turn off cmdline completion, disable set-=
"set-=" can be used maliciously with a crypto key, as it allows an
attacker (who either has access to the computer or a plugin author) to
guess a substring by observing the modified state. Simply turn off
set+=/-=/^= for this option as there is no good reason for them to be
used.
Update docs to make that clear as well.
Also, don't allow cmdline completion for 'key' as it just shows *****
which is not useful and confusing to the user what it means (if the user
accidentally hits enter they will have replaced their key with "*****"
instead).
Move logic to better location, don't use above 32-bit for flags
Move P_NO_CMD_EXPAND to use the unused 0x20 instead of going above
32-bits, as currently the flags parameter is only 32-bits on some
systems. Left a comment to warn that future additions will need to
change how the flags work either by making it 64-bit or split into two
member vars.
Also, move the logic for detecting P_NO_CMD_EXPAND earlier so it's not
up to each handler to decide, and you won't see the temporary "..." that
Vim shows while waiting for completion handler to complete.
closes: #13224
Signed-off-by: Christian Brabandt <cb@256bit.org>
Co-authored-by: Yee Cheng Chin <ychin.git@gmail.com>
| author | Christian Brabandt <cb@256bit.org> |
|---|---|
| date | Sun, 01 Oct 2023 09:30:03 +0200 |
| parents | 2559dc02bd64 |
| children |
line wrap: on
line source
/* vi:set ts=8 sts=4 sw=4 noet: * * VIM - Vi IMproved by Bram Moolenaar * this file by Vince Negri * * Do ":help uganda" in Vim to read copying and usage conditions. * Do ":help credits" in Vim to see a list of people who contributed. * See README.txt for an overview of the Vim source code. */ /* * vimrun.c - Tiny Win32 program to safely run an external command in a * DOS console. * This program is required to avoid that typing CTRL-C in the DOS * console kills Vim. Now it only kills vimrun. */ #include <stdio.h> #include <stdlib.h> #include <conio.h> #ifndef WIN32_LEAN_AND_MEAN # define WIN32_LEAN_AND_MEAN #endif #include <windows.h> int main(void) { const wchar_t *p; wchar_t *cmd; size_t cmdlen; int retval; int inquote = 0; int silent = 0; HANDLE hstdout; DWORD written; p = (const wchar_t *)GetCommandLineW(); /* * Skip the executable name, which might be in "". */ while (*p) { if (*p == L'"') inquote = !inquote; else if (!inquote && *p == L' ') { ++p; break; } ++p; } while (*p == L' ') ++p; /* * "-s" argument: don't wait for a key hit. */ if (p[0] == L'-' && p[1] == L's' && p[2] == L' ') { silent = 1; p += 3; while (*p == L' ') ++p; } // Print the command, including quotes and redirection. hstdout = GetStdHandle(STD_OUTPUT_HANDLE); WriteConsoleW(hstdout, p, wcslen(p), &written, NULL); WriteConsoleW(hstdout, L"\r\n", 2, &written, NULL); // If the command starts and ends with double quotes, // Enclose the command in parentheses. cmd = NULL; cmdlen = wcslen(p); if (cmdlen >= 2 && p[0] == L'"' && p[cmdlen - 1] == L'"') { cmdlen += 3; cmd = malloc(cmdlen * sizeof(wchar_t)); if (cmd == NULL) { perror("vimrun malloc(): "); return -1; } _snwprintf(cmd, cmdlen, L"(%s)", p); p = cmd; } /* * Do it! */ retval = _wsystem(p); if (cmd) free(cmd); if (retval == -1) perror("vimrun system(): "); else if (retval != 0) printf("shell returned %d\n", retval); if (!silent) { puts("Hit any key to close this window..."); while (_kbhit()) (void)_getch(); (void)_getch(); } return retval; }