# HG changeset patch # User Bram Moolenaar # Date 1542720606 -3600 # Node ID 5997b84a838a0a93434739cf3e4ac37c7479d37d # Parent ce319918d987c6da875d9bcc017a2356594f3dd3 patch 8.1.0540: may evaluate insecure value when appending to option commit https://github.com/vim/vim/commit/247bb7e43b47eb8407a1111bed60b61aceda52ad Author: Bram Moolenaar Date: Tue Nov 20 14:27:07 2018 +0100 patch 8.1.0540: may evaluate insecure value when appending to option Problem: May evaluate insecure value when appending to option. Solution: Set the secure flag when changing an option that was previously set insecurely. Also allow numbers for the characters from 'spelllang' that are used for LANG.vim.
diff --git a/src/option.c b/src/option.c
--- a/src/option.c
+++ b/src/option.c
@@ -4705,6 +4705,8 @@ do_set(
 }
 else
 {
+ int value_is_replaced = !prepending && !adding && !removing;
+
 if (flags & P_BOOL) /* boolean */
 {
 if (nextchar == '=' || nextchar == ':')
@@ -5209,12 +5211,36 @@ do_set(
 }
 #endif
- /* Handle side effects, and set the global value for
- * ":set" on local options. Note: when setting 'syntax'
- * or 'filetype' autocommands may be triggered that can
- * cause havoc. */
- errmsg = did_set_string_option(opt_idx, (char_u **)varp,
- new_value_alloced, oldval, errbuf, opt_flags);
+ {
+ long_u *p = insecure_flag(opt_idx, opt_flags);
+ int did_inc_secure = FALSE;
+
+ // When an option is set in the sandbox, from a
+ // modeline or in secure mode, then deal with side
+ // effects in secure mode. Also when the value was
+ // set with the P_INSECURE flag and is not
+ // completely replaced.
+ if (secure
+#ifdef HAVE_SANDBOX
+ || sandbox != 0
+#endif
+ || (opt_flags & OPT_MODELINE)
+ || (!value_is_replaced && (*p & P_INSECURE)))
+ {
+ did_inc_secure = TRUE;
+ ++secure;
+ }
+
+ // Handle side effects, and set the global value for
+ // ":set" on local options. Note: when setting 'syntax'
+ // or 'filetype' autocommands may be triggered that can
+ // cause havoc.
+ errmsg = did_set_string_option(opt_idx, (char_u **)varp,
+ new_value_alloced, oldval, errbuf, opt_flags);
+
+ if (did_inc_secure)
+ --secure;
+ }
 #if defined(FEAT_EVAL)
 if (errmsg == NULL)
@@ -5254,8 +5280,7 @@ do_set(
 }
 if (opt_idx >= 0)
- did_set_option(opt_idx, opt_flags,
- !prepending && !adding && !removing);
+ did_set_option(opt_idx, opt_flags, value_is_replaced);
 }
 skip:
@@ -7758,7 +7783,7 @@ did_set_string_option(
 * '.encoding'. */
 for (p = q; *p != NUL; ++p)
- if (!ASCII_ISALPHA(*p) && *p != '-')
+ if (!ASCII_ISALNUM(*p) && *p != '-')
 break;
 if (p > q)
 {
diff --git a/src/version.c b/src/version.c
--- a/src/version.c
+++ b/src/version.c
@@ -793,6 +793,8 @@ static char *(features[]) =
 static int included_patches[] =
 { /* Add new patch number below this line */
 /**/
+ 540,
+/**/
 539,
 /**/
 538,
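Review bot: In the `@@ -5209` hunk of do_set(), the test `(*p & P_INSECURE)` only works while the flag still describes the previous value, and nothing in the new block states that ordering requirement. The flag is presumably refreshed by `did_set_option(opt_idx, opt_flags, value_is_replaced)` in the following hunk, so moving that call ahead of this block would silently drop the protection for adding, prepending and removing. I would add `// Must be read before did_set_option() updates the flag: it has to reflect the old value.` at the declaration and rename `p` to something like `insecure_flags`. `insecure_flag(opt_idx, opt_flags)` is also called with no visible `opt_idx >= 0` guard, although the next hunk still checks it before `did_set_option()`; the guard is probably on the enclosing branch, which lies outside the hunk, but it is worth confirming.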
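Review bot: In the `@@ -7758` hunk of did_set_string_option(), the character test in this loop is what limits which part of 'spelllang' is used for the LANG.vim name, yet the widened check carries no comment saying so. Accepting digits through `ASCII_ISALNUM` still keeps dots and path separators out of the name, but that property is easy to lose the next time the class is relaxed. I would put `// Allow-list: only ASCII letters, digits and '-' may end up in the LANG.vim name.` directly above the `if`. The loop's enclosing block starts and ends outside the hunk, so how the extracted name is used afterwards cannot be checked from here.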