changeset 13547:87a9c1be0ae3 v8.0.1647

patch 8.0.1647: terminal API may call any user function commit https://github.com/vim/vim/commit/2a77d21f7893ba14e682a3c5891d606f117a3f36 Author: Bram Moolenaar <Bram@vim.org> Date: Mon Mar 26 21:38:52 2018 +0200 patch 8.0.1647: terminal API may call any user function Problem: Terminal API may call a function not meant to be called by this API. Solution: Require the function to start with Tapi_.
author Christian Brabandt <cb@256bit.org>
date Mon, 26 Mar 2018 21:45:07 +0200
parents dd1b0d2a49ae
children 32712864489b
files runtime/doc/terminal.txt src/terminal.c src/testdir/test_terminal.vim src/version.c
diffstat 4 files changed, 47 insertions(+), 19 deletions(-) [+]
line wrap: on
line diff
--- a/runtime/doc/terminal.txt
+++ b/runtime/doc/terminal.txt
@@ -423,20 +423,26 @@ Currently supported commands:
 
 	call {funcname} {argument}
 
-		Call a user defined function with [argument].  The function is
-		called with the buffer number of the terminal and the decoded
-		argument.  The user function must sanity check the argument.
+		Call a user defined function with {argument}.
+		The function is called with two arguments: the buffer number
+		of the terminal and {argument}, the decoded JSON argument. 
+		The function name must start with "Tapi_" to avoid
+		accidentally calling a function not meant to be used for the
+		terminal API
+		The user function should sanity check the argument.
 		The function can use |term_sendkeys()| to send back a reply.
 		Example in JSON: >
-			["call", "Impression", ["play", 14]]
+			["call", "Tapi_Impression", ["play", 14]]
 <		Calls a function defined like this: >
-			function Impression(bufnum, arglist)
+			function Tapi_Impression(bufnum, arglist)
 			  if len(a:arglist) == 2
-			    echo "impression " . a:arglist[0]
-			    echo "count " . a:arglist[1]
+			    echomsg "impression " . a:arglist[0]
+			    echomsg "count " . a:arglist[1]
 			  endif
 			endfunc
-<
+<		Output from `:echo` may be erased by a redraw, use `:echomsg`
+		to be able to see it with `:messages`.
+
 	drop {filename}
 
 		Let Vim open a file, like the `:drop` command.  If {filename}
@@ -447,7 +453,7 @@ Currently supported commands:
 
 A trick to have Vim send this escape sequence: >
 	exe "set t_ts=\<Esc>]51; t_fs=\x07"
-	let &titlestring = '["call","TryThis",["hello",123]]'
+	let &titlestring = '["call","Tapi_TryThis",["hello",123]]'
 	redraw
 	set t_ts& t_fs&
 
--- a/src/terminal.c
+++ b/src/terminal.c
@@ -3193,7 +3193,7 @@ handle_call_command(term_T *term, channe
     }
     func = get_tv_string(&item->li_tv);
 
-    if (!ASCII_ISUPPER(*func))
+    if (STRNCMP(func, "Tapi_", 5) != 0)
     {
 	ch_log(channel, "Invalid function name: %s", func);
 	return;
--- a/src/testdir/test_terminal.vim
+++ b/src/testdir/test_terminal.vim
@@ -1072,24 +1072,28 @@ func Test_terminal_api_drop_oldwin()
   bwipe Xtextfile
 endfunc
 
-func TryThis(bufnum, arg)
+func Tapi_TryThis(bufnum, arg)
   let g:called_bufnum = a:bufnum
   let g:called_arg = a:arg
 endfunc
 
+func WriteApiCall(funcname)
+  " Use the title termcap entries to output the escape sequence.
+  call writefile([
+	\ 'set title',
+	\ 'exe "set t_ts=\<Esc>]51; t_fs=\x07"',
+	\ 'let &titlestring = ''["call","' . a:funcname . '",["hello",123]]''',
+	\ 'redraw',
+	\ "set t_ts=",
+	\ ], 'Xscript')
+endfunc
+
 func Test_terminal_api_call()
   if !CanRunVimInTerminal()
     return
   endif
 
-  " Use the title termcap entries to output the escape sequence.
-  call writefile([
-	\ 'set title',
-	\ 'exe "set t_ts=\<Esc>]51; t_fs=\x07"',
-	\ 'let &titlestring = ''["call","TryThis",["hello",123]]''',
-	\ 'redraw',
-	\ "set t_ts=",
-	\ ], 'Xscript')
+  call WriteApiCall('Tapi_TryThis')
   let buf = RunVimInTerminal('-S Xscript', {})
   call WaitFor({-> exists('g:called_bufnum')})
   call assert_equal(buf, g:called_bufnum)
@@ -1100,3 +1104,19 @@ func Test_terminal_api_call()
   unlet g:called_bufnum
   unlet g:called_arg
 endfunc
+
+func Test_terminal_api_call_fails()
+  if !CanRunVimInTerminal()
+    return
+  endif
+
+  call WriteApiCall('TryThis')
+  call ch_logfile('Xlog', 'w')
+  let buf = RunVimInTerminal('-S Xscript', {})
+  call WaitFor({-> string(readfile('Xlog')) =~ 'Invalid function name: TryThis'})
+
+  call StopVimInTerminal(buf)
+  call delete('Xscript')
+  call ch_logfile('', '')
+  call delete('Xlog')
+endfunc
--- a/src/version.c
+++ b/src/version.c
@@ -767,6 +767,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1647,
+/**/
     1646,
 /**/
     1645,