From 4553fc5e6cb6c8c43f57c173d01b31a61e51d13f Mon Sep 17 00:00:00 2001
From: "Justin M. Keyes" <justinkz@gmail.com>
Date: Wed, 29 May 2019 00:33:22 +0200
Subject: vim-patch:8.1.1365: :source should check sandbox #10082

Problem:    Source command doesn't check for the sandbox. (Armin Razmjou)
Solution:   Check for the sandbox when sourcing a file.
https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040
---
 src/nvim/getchar.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'src')

diff --git a/src/nvim/getchar.c b/src/nvim/getchar.c
index 94702a9a3a..243e6afcee 100644
--- a/src/nvim/getchar.c
+++ b/src/nvim/getchar.c
@@ -1244,6 +1244,13 @@ openscript (
     EMSG(_(e_nesting));
     return;
   }
+
+  // Disallow sourcing a file in the sandbox, the commands would be executed
+  // later, possibly outside of the sandbox.
+  if (check_secure()) {
+    return;
+  }
+
   if (ignore_script)
     /* Not reading from script, also don't open one.  Warning message? */
     return;
-- 
cgit