comparison src/diff.c @ 32218:9c6bc59b6d80 v9.0.1440

patch 9.0.1440: "rvim" can execute a shell through :diffpatch Commit: https://github.com/vim/vim/commit/23a971da506249fc8388f06cd5c011b83406ac5c Author: Bram Moolenaar <Bram@vim.org> Date: Tue Apr 4 22:04:53 2023 +0100 patch 9.0.1440: "rvim" can execute a shell through :diffpatch Problem: "rvim" can execute a shell through :diffpatch. Solution: Disallow the shell "patch" command.
author Bram Moolenaar <Bram@vim.org>
date Tue, 04 Apr 2023 23:15:06 +0200
parents 97255d909654
children 95db67c7b754
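--- a/src/diff.c
+++ b/src/diff.c
@@ -1308,10 +1308,13 @@
 # endif
 eap->arg, tmp_new);
 else
 #endif
 {
+if (check_restricted())
+goto theend;
+
 // Build the patch command and execute it. Ignore errors. Switch to
 // cooked mode to allow the user to respond to prompts.
 vim_snprintf((char *)buf, buflen, "patch -o %s %s < %s",
 tmp_new, tmp_orig, esc_name);
 block_autocmds(); // Avoid ShellCmdPost stuff
@@ -1378,11 +1381,12 @@
 eap->arg = newname;
 ex_file(eap);
 
 // Do filetype detection with the new name.
 if (au_has_group((char_u *)"filetypedetect"))
-do_cmdline_cmd((char_u *)":doau filetypedetect BufRead");
+do_cmdline_cmd(
+(char_u *)":doau filetypedetect BufRead");
 }
 }
 }
 }
 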
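Review bot: The added `if (check_restricted()) goto theend;` guards only the `else` branch that builds the shell `patch` command, so the alternative branch just above it (the call ending in `eap->arg, tmp_new);`) is not covered by this check. That is probably intentional, since that branch presumably evaluates 'patchexpr' and relies on the restricted-mode checks applied during expression evaluation, but this should be confirmed and recorded in a comment above the `if`, for example `// "patch" is run through the shell, which restricted mode must not allow; the expression branch is checked when it is evaluated.` The guard also runs after whatever setup the function has already done, and the jump to `theend` is assumed to undo it; the function begins and ends outside the lines shown, so that cleanup path cannot be verified from this page. The second hunk only re-wraps the `do_cmdline_cmd()` call and needs no change.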