changeset 8983:5cbd81536f27 v7.4.1777

commit https://github.com/vim/vim/commit/3849992b16011e36a5cb5be4b127f843389b96fd Author: Bram Moolenaar <Bram@vim.org> Date: Fri Apr 22 20:46:52 2016 +0200 patch 7.4.1777 Problem: Newly added features can escape the sandbox. Solution: Add checks for restricted and secure. (Yasuhiro Matsumoto)
author Christian Brabandt <cb@256bit.org>
date Fri, 22 Apr 2016 21:00:04 +0200
parents 57e814658ff0
children 4210ef398972
files src/eval.c src/version.c
diffstat 2 files changed, 8 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/src/eval.c
+++ b/src/eval.c
@@ -10408,6 +10408,8 @@ f_ch_logfile(typval_T *argvars, typval_T
 f_ch_open(typval_T *argvars, typval_T *rettv)
 {
     rettv->v_type = VAR_CHANNEL;
+    if (check_restricted() || check_secure())
+	return;
     rettv->vval.v_channel = channel_open_func(argvars);
 }
 
@@ -15078,6 +15080,8 @@ f_job_setoptions(typval_T *argvars, typv
 f_job_start(typval_T *argvars, typval_T *rettv)
 {
     rettv->v_type = VAR_JOB;
+    if (check_restricted() || check_secure())
+	return;
     rettv->vval.v_job = job_start(argvars);
 }
 
@@ -16821,8 +16825,6 @@ check_connection(void)
 #endif
 
 #ifdef FEAT_CLIENTSERVER
-static void remote_common(typval_T *argvars, typval_T *rettv, int expr);
-
     static void
 remote_common(typval_T *argvars, typval_T *rettv, int expr)
 {
@@ -20683,6 +20685,8 @@ f_timer_start(typval_T *argvars, typval_
     char_u  *callback;
     dict_T  *dict;
 
+    if (check_secure())
+	return;
     if (argvars[2].v_type != VAR_UNKNOWN)
     {
 	if (argvars[2].v_type != VAR_DICT
--- a/src/version.c
+++ b/src/version.c
@@ -754,6 +754,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1777,
+/**/
     1776,
 /**/
     1775,