diff options
| author | Justin M. Keyes <justinkz@gmail.com> | 2019-05-29 00:33:22 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-05-29 00:33:22 +0200 |
| commit | 4553fc5e6cb6c8c43f57c173d01b31a61e51d13f (patch) | |
| tree | b521bb8f2ae7d0c0f9ea6ebb1c489d8af79ab860 | |
| parent | 877d539904144b3fd1bbb6abaf8bc06fe3f9e1ac (diff) | |
| download | rneovim-4553fc5e6cb6c8c43f57c173d01b31a61e51d13f.tar.gz rneovim-4553fc5e6cb6c8c43f57c173d01b31a61e51d13f.tar.bz2 rneovim-4553fc5e6cb6c8c43f57c173d01b31a61e51d13f.zip | |
vim-patch:8.1.1365: :source should check sandbox #10082
Problem: Source command doesn't check for the sandbox. (Armin Razmjou)
Solution: Check for the sandbox when sourcing a file.
https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040
| -rw-r--r-- | src/nvim/getchar.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/nvim/getchar.c b/src/nvim/getchar.c index 94702a9a3a..243e6afcee 100644 --- a/src/nvim/getchar.c +++ b/src/nvim/getchar.c @@ -1244,6 +1244,13 @@ openscript ( EMSG(_(e_nesting)); return; } + + // Disallow sourcing a file in the sandbox, the commands would be executed + // later, possibly outside of the sandbox. + if (check_secure()) { + return; + } + if (ignore_script) /* Not reading from script, also don't open one. Warning message? */ return; |