Mercurial > vim
changeset 15058:5997b84a838a v8.1.0540
patch 8.1.0540: may evaluate insecure value when appending to option
commit https://github.com/vim/vim/commit/247bb7e43b47eb8407a1111bed60b61aceda52ad
Author: Bram Moolenaar <Bram@vim.org>
Date: Tue Nov 20 14:27:07 2018 +0100
patch 8.1.0540: may evaluate insecure value when appending to option
Problem: May evaluate insecure value when appending to option.
Solution: Set the secure flag when changing an option that was previously
set insecurely. Also allow numbers for the characters from
'spelllang' that are used for LANG.vim.
author | Bram Moolenaar <Bram@vim.org> |
---|---|
date | Tue, 20 Nov 2018 14:30:06 +0100 |
parents | ce319918d987 |
children | 15d7e79ef0f2 |
files | src/option.c src/version.c |
diffstat | 2 files changed, 36 insertions(+), 9 deletions(-) [+] |
line wrap: on
line diff
--- a/src/option.c +++ b/src/option.c @@ -4705,6 +4705,8 @@ do_set( } else { + int value_is_replaced = !prepending && !adding && !removing; + if (flags & P_BOOL) /* boolean */ { if (nextchar == '=' || nextchar == ':') @@ -5209,12 +5211,36 @@ do_set( } #endif - /* Handle side effects, and set the global value for - * ":set" on local options. Note: when setting 'syntax' - * or 'filetype' autocommands may be triggered that can - * cause havoc. */ - errmsg = did_set_string_option(opt_idx, (char_u **)varp, - new_value_alloced, oldval, errbuf, opt_flags); + { + long_u *p = insecure_flag(opt_idx, opt_flags); + int did_inc_secure = FALSE; + + // When an option is set in the sandbox, from a + // modeline or in secure mode, then deal with side + // effects in secure mode. Also when the value was + // set with the P_INSECURE flag and is not + // completely replaced. + if (secure +#ifdef HAVE_SANDBOX + || sandbox != 0 +#endif + || (opt_flags & OPT_MODELINE) + || (!value_is_replaced && (*p & P_INSECURE))) + { + did_inc_secure = TRUE; + ++secure; + } + + // Handle side effects, and set the global value for + // ":set" on local options. Note: when setting 'syntax' + // or 'filetype' autocommands may be triggered that can + // cause havoc. + errmsg = did_set_string_option(opt_idx, (char_u **)varp, + new_value_alloced, oldval, errbuf, opt_flags); + + if (did_inc_secure) + --secure; + } #if defined(FEAT_EVAL) if (errmsg == NULL) @@ -5254,8 +5280,7 @@ do_set( } if (opt_idx >= 0) - did_set_option(opt_idx, opt_flags, - !prepending && !adding && !removing); + did_set_option(opt_idx, opt_flags, value_is_replaced); } skip: @@ -7758,7 +7783,7 @@ did_set_string_option( * '.encoding'. */ for (p = q; *p != NUL; ++p) - if (!ASCII_ISALPHA(*p) && *p != '-') + if (!ASCII_ISALNUM(*p) && *p != '-') break; if (p > q) {