diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/nvim/getchar.c | 7 | ||||
| -rw-r--r-- | src/nvim/testdir/test_source.vim | 10 |
2 files changed, 17 insertions, 0 deletions
diff --git a/src/nvim/getchar.c b/src/nvim/getchar.c index 44e4e09486..d4154a3748 100644 --- a/src/nvim/getchar.c +++ b/src/nvim/getchar.c @@ -1253,6 +1253,13 @@ openscript ( EMSG(_(e_nesting)); return; } + + // Disallow sourcing a file in the sandbox, the commands would be executed + // later, possibly outside of the sandbox. + if (check_secure()) { + return; + } + if (ignore_script) /* Not reading from script, also don't open one. Warning message? */ return; diff --git a/src/nvim/testdir/test_source.vim b/src/nvim/testdir/test_source.vim new file mode 100644 index 0000000000..42ac0c4d0f --- /dev/null +++ b/src/nvim/testdir/test_source.vim @@ -0,0 +1,10 @@ +" Tests for the :source command. + +func Test_source_sandbox() + new + call writefile(["Ohello\<Esc>"], 'Xsourcehello') + source! Xsourcehello | echo + call assert_equal('hello', getline(1)) + call assert_fails('sandbox source! Xsourcehello', 'E48:') + bwipe! +endfunc |