Mercurial > vim

diff src/diff.c @ 32218:9c6bc59b6d80 v9.0.1440

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 9.0.1440: "rvim" can execute a shell through :diffpatch Commit: https://github.com/vim/vim/commit/23a971da506249fc8388f06cd5c011b83406ac5c Author: Bram Moolenaar <Bram@vim.org> Date: Tue Apr 4 22:04:53 2023 +0100 patch 9.0.1440: "rvim" can execute a shell through :diffpatch Problem: "rvim" can execute a shell through :diffpatch. Solution: Disallow the shell "patch" command.
author Bram Moolenaar <Bram@vim.org>
date Tue, 04 Apr 2023 23:15:06 +0200
parents 97255d909654
children 95db67c7b754
line wrap: on
line diff
--- a/src/diff.c
+++ b/src/diff.c
@@ -1310,6 +1310,9 @@ ex_diffpatch(exarg_T *eap)
     else
 #endif
     {
+	if (check_restricted())
+	    goto theend;
+
 	// Build the patch command and execute it.  Ignore errors.  Switch to
 	// cooked mode to allow the user to respond to prompts.
 	vim_snprintf((char *)buf, buflen, "patch -o %s %s < %s",
@@ -1380,7 +1383,8 @@ ex_diffpatch(exarg_T *eap)
 
 		    // Do filetype detection with the new name.
 		    if (au_has_group((char_u *)"filetypedetect"))
-			do_cmdline_cmd((char_u *)":doau filetypedetect BufRead");
+			do_cmdline_cmd(
+				     (char_u *)":doau filetypedetect BufRead");
 		}
 	    }
 	}