Mercurial > vim
changeset 16726:fbab59a5ee6b v8.1.1365
patch 8.1.1365: source command doesn't check for the sandbox
commit https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040
Author: Bram Moolenaar <Bram@vim.org>
Date: Wed May 22 22:38:25 2019 +0200
patch 8.1.1365: source command doesn't check for the sandbox
Problem: Source command doesn't check for the sandbox. (Armin Razmjou)
Solution: Check for the sandbox when sourcing a file.
author | Bram Moolenaar <Bram@vim.org> |
---|---|
date | Wed, 22 May 2019 22:45:05 +0200 |
parents | 719dbc0bed23 |
children | 8be69877c5de |
files | src/getchar.c src/testdir/test_source.vim src/version.c |
diffstat | 3 files changed, 17 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/getchar.c +++ b/src/getchar.c @@ -1407,6 +1407,12 @@ openscript( emsg(_(e_nesting)); return; } + + // Disallow sourcing a file in the sandbox, the commands would be executed + // later, possibly outside of the sandbox. + if (check_secure()) + return; + #ifdef FEAT_EVAL if (ignore_script) /* Not reading from script, also don't open one. Warning message? */
--- a/src/testdir/test_source.vim +++ b/src/testdir/test_source.vim @@ -36,3 +36,12 @@ func Test_source_cmd() au! SourcePre au! SourcePost endfunc + +func Test_source_sandbox() + new + call writefile(["Ohello\<Esc>"], 'Xsourcehello') + source! Xsourcehello | echo + call assert_equal('hello', getline(1)) + call assert_fails('sandbox source! Xsourcehello', 'E48:') + bwipe! +endfunc