changeset 32218:9c6bc59b6d80 v9.0.1440

patch 9.0.1440: "rvim" can execute a shell through :diffpatch Commit: https://github.com/vim/vim/commit/23a971da506249fc8388f06cd5c011b83406ac5c Author: Bram Moolenaar <Bram@vim.org> Date: Tue Apr 4 22:04:53 2023 +0100 patch 9.0.1440: "rvim" can execute a shell through :diffpatch Problem: "rvim" can execute a shell through :diffpatch. Solution: Disallow the shell "patch" command.
author Bram Moolenaar <Bram@vim.org>
date Tue, 04 Apr 2023 23:15:06 +0200
parents e0f5903c9f28
children a2680fb16a24
files src/diff.c src/testdir/test_diffmode.vim src/version.c
diffstat 3 files changed, 22 insertions(+), 1 deletions(-) [+]
--- a/src/diff.c
+++ b/src/diff.c
@@ -1310,6 +1310,9 @@ ex_diffpatch(exarg_T *eap)
     else
 #endif
     {
+	if (check_restricted())
+	    goto theend;
+
 	// Build the patch command and execute it.  Ignore errors.  Switch to
 	// cooked mode to allow the user to respond to prompts.
 	vim_snprintf((char *)buf, buflen, "patch -o %s %s < %s",
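Review bot: The `check_restricted()` guard sits only inside the `else` block that builds and runs the external `patch` command, so the branch before `else` (outside this hunk) is not covered by it. If that earlier branch can reach a shell in restricted mode it needs the same guard; the visible lines do not show whether it can. A short comment above the check would record why it bails out here, for example `// Restricted mode ("rvim", -Z): running "patch" through the shell is not allowed.`. `ex_diffpatch` starts and ends outside the hunk, so confirm that the cleanup at `theend` handles this early exit for anything set up before this point.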
@@ -1380,7 +1383,8 @@ ex_diffpatch(exarg_T *eap)
 
 		    // Do filetype detection with the new name.
 		    if (au_has_group((char_u *)"filetypedetect"))
-			do_cmdline_cmd((char_u *)":doau filetypedetect BufRead");
+			do_cmdline_cmd(
+				     (char_u *)":doau filetypedetect BufRead");
 		}
 	    }
 	}
--- a/src/testdir/test_diffmode.vim
+++ b/src/testdir/test_diffmode.vim
@@ -736,6 +736,21 @@ func Test_diffpatch()
   bwipe!
 endfunc
 
+" FIXME: test fails, the Xresult file can't be read
+func No_Test_diffpatch_restricted()
+  let lines =<< trim END
+    call assert_fails('diffpatch NoSuchDiff', 'E145:')
+
+    call writefile(v:errors, 'Xresult')
+    qa!
+  END
+  call writefile(lines, 'Xrestricted', 'D')
+  if RunVim([], [], '-Z --clean -S Xrestricted')
+    call assert_equal([], readfile('Xresult'))
+  endif
+  call delete('Xresult')
+endfunc
+
 func Test_diff_too_many_buffers()
   for i in range(1, 8)
     exe "new Xtest" . i
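Review bot: The regression test for this security fix is disabled by its `No_Test_` prefix, so nothing in the suite checks that `:diffpatch` is refused with E145 under `-Z`. A later change that drops or bypasses the guard would go unnoticed until the FIXME is resolved and the function is renamed to `Test_diffpatch_restricted`. When it is re-enabled, `readfile('Xresult')` throws if the child Vim never wrote the file. Adding `call assert_true(filereadable('Xresult'))` before it would turn that case into a clear assertion failure.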
--- a/src/version.c
+++ b/src/version.c
@@ -696,6 +696,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1440,
+/**/
     1439,
 /**/
     1438,