-rw-r--r-- | runtime/doc/deprecated.txt | 4 | ||||
-rw-r--r-- | runtime/doc/news.txt | 2 | ||||
-rw-r--r-- | runtime/doc/options.txt | 14 | ||||
-rw-r--r-- | runtime/doc/vim_diff.txt | 2 | ||||
-rw-r--r-- | src/nvim/lua/executor.c | 24 | ||||
-rw-r--r-- | src/nvim/main.c | 12 | ||||
-rw-r--r-- | src/nvim/testdir/test_startup.vim | 1 |
7 files changed, 53 insertions, 6 deletions
diff --git a/runtime/doc/deprecated.txt b/runtime/doc/deprecated.txt index 5e6bc957a1..401ac87d90 100644 --- a/runtime/doc/deprecated.txt +++ b/runtime/doc/deprecated.txt @@ -128,10 +128,6 @@ NORMAL COMMANDS OPTIONS - *cpo-<* *:menu-<special>* *:menu-special* *:map-<special>* *:map-special* `<>` notation is always enabled. -- *'exrc'* *'ex'* Security risk: downloaded files could include - a malicious .nvimrc or .exrc file. See 'secure'. - Recommended alternative: define an autocommand in your - |vimrc| to set options for a matching directory. - 'gdefault' Enables the |:substitute| flag 'g' by default. - *'fe'* 'fenc'+'enc' before Vim 6.0; no longer used. - *'highlight'* *'hl'* Names of builtin |highlight-groups| cannot be changed. diff --git a/runtime/doc/news.txt b/runtime/doc/news.txt index 2aa4bea73b..42a5d7e7ee 100644 --- a/runtime/doc/news.txt +++ b/runtime/doc/news.txt @@ -60,6 +60,8 @@ CHANGED FEATURES *news-changes* The following changes to existing APIs or features add new behavior. +• 'exrc' is no longer marked deprecated. + ============================================================================== REMOVED FEATURES *news-removed* diff --git a/runtime/doc/options.txt b/runtime/doc/options.txt index fd76f11046..6c1edb9c69 100644 --- a/runtime/doc/options.txt +++ b/runtime/doc/options.txt 
@@ -2264,6 +2264,20 @@ A jump table for the options with a short description can be found at |Q_op|. This option is reset when the 'paste' option is set and restored when the 'paste' option is reset. + *'exrc'* *'ex'* *'noexrc'* *'noex'* +'exrc' 'ex' boolean (default off) + global + Enables the reading of .nvimrc and .exrc files in the current + directory. + + The file is only sourced if the user indicates the file is trusted. If + it is, the SHA256 hash of the file contents and the full path of the + file are persisted to a trust database. The user is only prompted + again if the file contents change. See |vim.secure.read()|. + + This option cannot be set from a |modeline| or in the |sandbox|, for + security reasons. + *'fileencoding'* *'fenc'* *E213* 'fileencoding' 'fenc' string (default: "") local to buffer diff --git a/runtime/doc/vim_diff.txt b/runtime/doc/vim_diff.txt index fe6c28c809..357024aca0 100644 --- a/runtime/doc/vim_diff.txt +++ b/runtime/doc/vim_diff.txt @@ -417,6 +417,8 @@ Options: 'jumpoptions' "view" tries to restore the |mark-view| when moving through the |jumplist|, |changelist|, |alternate-file| or using |mark-motions|. 'shortmess' the "F" flag does not affect output from autocommands + 'exrc' searches for ".nvimrc" or ".exrc" files. The user is prompted whether + to trust the file. Shell: Shell output (|:!|, |:make|, …) is always routed through the UI, so it diff --git a/src/nvim/lua/executor.c b/src/nvim/lua/executor.c index 79cc3ed112..43a3b12a98 100644 --- a/src/nvim/lua/executor.c +++ b/src/nvim/lua/executor.c 
@@ -2193,3 +2193,27 @@ plain:
 kv_printf(str, "<Lua %d>", ref);
 return str.items;
 }
+
+char *nlua_read_secure(const char *path)
+{
+ lua_State *const lstate = global_lstate;
+ lua_getglobal(lstate, "vim");
+ lua_getfield(lstate, -1, "secure");
+ lua_getfield(lstate, -1, "read");
+ lua_pushstring(lstate, path);
+ lua_call(lstate, 1, 1);
+
+ size_t len = 0;
+ const char *contents = lua_tolstring(lstate, -1, &len);
+ char *buf = NULL;
+ if (contents != NULL) {
+ // Add one to include trailing null byte
+ buf = xcalloc(len + 1, sizeof(char));
+ memcpy(buf, contents, len + 1);
+ }
+
+ // Pop return value, "vim", and "secure"
+ lua_pop(lstate, 3);
+
+ return buf;
+}
diff --git a/src/nvim/main.c b/src/nvim/main.c
index d8570f49eb..e8c1c98c38 100644
--- a/src/nvim/main.c
+++ b/src/nvim/main.c
@@ -2002,7 +2002,11 @@ static void source_startup_scripts(const mparm_T *const parmp)
 #endif
 secure = p_secure;
- if (do_source(VIMRC_FILE, true, DOSO_VIMRC) == FAIL) {
+ char *str = nlua_read_secure(VIMRC_FILE);
+ if (str != NULL) {
+ do_source_str(str, VIMRC_FILE);
+ xfree(str);
+ } else {
 #if defined(UNIX)
 // if ".exrc" is not owned by user set 'secure' mode
 if (!os_file_owned(EXRC_FILE)) {
@@ -2011,7 +2015,11 @@ static void source_startup_scripts(const mparm_T *const parmp)
 secure = 0;
 }
 #endif
- (void)do_source(EXRC_FILE, false, DOSO_NONE);
+ str = nlua_read_secure(EXRC_FILE);
+ if (str != NULL) {
+ do_source_str(str, EXRC_FILE);
+ xfree(str);
+ }
 }
 }
 if (secure == 2) {
diff --git a/src/nvim/testdir/test_startup.vim b/src/nvim/testdir/test_startup.vim
index f9f7c5b492..42467c5508 100644
--- a/src/nvim/testdir/test_startup.vim
+++ b/src/nvim/testdir/test_startup.vim
@@ -1024,6 +1024,7 @@ endfunc
 " Test for using the 'exrc' option
 func Test_exrc()
+ throw 'Skipped: Nvim requires user input for the exrc option'
 let after =<< trim [CODE]
 call assert_equal(1, &exrc)
 call assert_equal(1, &secure) |
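Review bot: `lua_call(lstate, 1, 1)` in nlua_read_secure is an unprotected call, so a Lua error raised inside `vim.secure.read` is not caught here, although the main.c hunks call this function during startup. What an uncaught error does at that point depends on the panic handling, which this hunk does not show. A protected call that returns NULL on failure keeps every error on the "do not source" side, and restoring a saved stack top is sturdier than the fixed `lua_pop(lstate, 3)`. The `lua_getfield` lookups can also raise if `vim.secure` is not a table, so they would need a type check or the same protection. Separately, `len` can cover embedded NUL bytes while the copy is later consumed as a C string, so the text that was trusted and the text that is sourced may differ; rejecting contents where `strlen(contents) != len` would close that gap.

```c
  lua_State *const lstate = global_lstate;
  const int top = lua_gettop(lstate);
  // … unchanged: lua_getglobal / lua_getfield lookups and lua_pushstring …
  if (lua_pcall(lstate, 1, 1, 0) != 0) {
    // The error object is on the stack: report it, then treat the file as
    // not trusted so that nothing is sourced.
    lua_settop(lstate, top);
    return NULL;
  }
  // … unchanged: lua_tolstring and the copy into buf …
  lua_settop(lstate, top);
```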
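Review bot: The `else` branch after `nlua_read_secure(VIMRC_FILE)` runs on every NULL return, which as far as this diff shows covers a missing file, a read failure and presumably the user declining to trust the file. The removed `do_source(...) == FAIL` test fell back to EXRC_FILE only when sourcing .nvimrc failed. If declining .nvimrc should not lead on to .exrc, the cases need to be told apart before the fallback. If the fallthrough is intended, a comment such as `// NULL: file missing, unreadable or not trusted; try .exrc next` would record it. The new call also no longer passes `DOSO_VIMRC`, so it is worth confirming that do_source_str does not need whatever that flag conveyed. The enclosing function starts and ends outside the hunk.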
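Review bot: The read / `do_source_str` / `xfree` sequence for EXRC_FILE repeats the one added for VIMRC_FILE in the previous hunk, so any later fix to this security-sensitive path has to be made twice. The return value of `do_source_str` is also dropped without the explicit `(void)` that the removed `do_source` call carried. A small static helper that returns whether the file was sourced would give both call sites one place to document the NULL contract. The call sites would become `if (!source_trusted_file(VIMRC_FILE)) {` and `(void)source_trusted_file(EXRC_FILE);`. The enclosing function starts and ends outside the hunk.

```c
/// Sources `path` only when nlua_read_secure() hands back its contents.
///
/// @return true if the contents were obtained and passed to do_source_str(),
///         false if nlua_read_secure() returned NULL (nothing is sourced).
static bool source_trusted_file(const char *path)
{
  char *str = nlua_read_secure(path);
  if (str == NULL) {
    return false;
  }
  (void)do_source_str(str, path);
  xfree(str);
  return true;
}
```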
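Review bot: With the unconditional `throw 'Skipped: …'` as the first statement of Test_exrc, nothing in this file exercises the trust-gated 'exrc' path any more. The cases that matter most for the new behaviour are a declined file, a file changed after being trusted, and an absent file. If a functional test outside this diff covers them, a comment next to the `throw` naming it would help, e.g. `" covered by <functional test path>`. Otherwise the startup path changed in main.c lands without a regression test. Test_exrc's body continues outside the hunk.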