From 619a86cb1e8640e4b834ef1f85bd62b0fb5609f2 Mon Sep 17 00:00:00 2001
From: Björn Linse <bjorn.linse@gmail.com>
Date: Wed, 26 Jun 2019 08:11:51 +0200
Subject: eval/api: don't allow the API to be called in the sandbox.

Identifying and maintaining a "secure" subset of the API would be too
much busywork. So just disable the entire thing.
---
 src/nvim/eval.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src')

diff --git a/src/nvim/eval.c b/src/nvim/eval.c
index cd2888883b..ca2f4da22c 100644
--- a/src/nvim/eval.c
+++ b/src/nvim/eval.c
@@ -6669,6 +6669,10 @@ static void float_op_wrapper(typval_T *argvars, typval_T *rettv, FunPtr fptr)
 
 static void api_wrapper(typval_T *argvars, typval_T *rettv, FunPtr fptr)
 {
+  if (check_restricted() || check_secure()) {
+    return;
+  }
+
   ApiDispatchWrapper fn = (ApiDispatchWrapper)fptr;
 
   Array args = ARRAY_DICT_INIT;
-- 
cgit