changeset 14842:7379bc1c3498 v8.1.0433

patch 8.1.0433: mapping can obtain text from inputsecret() commit https://github.com/vim/vim/commit/31cbadf74bccc2a5cd8233bc31bbcfe466b00021 Author: Bram Moolenaar <Bram@vim.org> Date: Tue Sep 25 20:48:57 2018 +0200 patch 8.1.0433: mapping can obtain text from inputsecret() Problem: Mapping can obtain text from inputsecret(). (Tommy Allen) Solution: Disallow CTRL-R = and CTRL-\ e when using inputsecret().
author Christian Brabandt <cb@256bit.org>
date Tue, 25 Sep 2018 21:00:06 +0200
parents b58eb884380f
children 049e5d1f1eb0
files src/ex_getln.c src/version.c
diffstat 2 files changed, 9 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/src/ex_getln.c
+++ b/src/ex_getln.c
@@ -1308,7 +1308,11 @@ getcmdline(
 	    /* CTRL-\ e doesn't work when obtaining an expression, unless it
 	     * is in a mapping. */
 	    if (c != Ctrl_N && c != Ctrl_G && (c != 'e'
-				    || (ccline.cmdfirstc == '=' && KeyTyped)))
+				    || (ccline.cmdfirstc == '=' && KeyTyped)
+#ifdef FEAT_EVAL
+				    || cmdline_star
+#endif
+				    ))
 	    {
 		vungetc(c);
 		c = Ctrl_BSL;
@@ -1801,7 +1805,8 @@ getcmdline(
 		new_cmdpos = -1;
 		if (c == '=')
 		{
-		    if (ccline.cmdfirstc == '=')/* can't do this recursively */
+		    if (ccline.cmdfirstc == '=' // can't do this recursively
+			    || cmdline_star)	// or when typing a password
 		    {
 			beep_flush();
 			c = ESC;
--- a/src/version.c
+++ b/src/version.c
@@ -795,6 +795,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    433,
+/**/
     432,
 /**/
     431,