From ca71c8219634d82bc6fbab2bbceb1c7c705cfed6 Mon Sep 17 00:00:00 2001
From: Jan Edmund Lazo
Date: Sat, 23 Mar 2019 08:06:35 -0400
Subject: vim-patch:8.1.0538: evaluating a modeline might invoke using a shell command
Problem: Evaluating a modeline might invoke using a shell command. (Paul Huber)
Solution: Set the sandbox flag when setting options from a modeline.
https://github.com/vim/vim/commit/5958f95a40a4a44bd9e7f3b7ec6554a6ef3e42ca
---
 src/nvim/buffer.c | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'src')
diff --git a/src/nvim/buffer.c b/src/nvim/buffer.c
index e333f552a8..d67783baa0 100644
--- a/src/nvim/buffer.c
+++ b/src/nvim/buffer.c
@@ -4943,7 +4943,12 @@ chk_modeline (
 if (*s != NUL) { /* skip over an empty "::" */
 save_SID = current_SID;
 current_SID = SID_MODELINE;
+ // Make sure no risky things are executed as a side effect.
+ sandbox++;
+
 retval = do_set(s, OPT_MODELINE | OPT_LOCAL | flags);
+
+ sandbox--;
 current_SID = save_SID;
 if (retval == FAIL) /* stop if error found */
 break;
-- cgit
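Review bot: The `sandbox++` / `sandbox--` pair around `do_set()` protects only work done during that call, and the new comment does not state that scope; anything a modeline-set option causes to be evaluated later would have to be blocked by a separate mechanism that this hunk does not show. I would have the comment name the boundary, e.g. `// Sandbox only the do_set() call: a modeline must not be able to run shell commands while its options are being set.` The diffstat shown lists only buffer.c, so no regression test appears to pin that a modeline which previously reached a shell is now rejected; adding one would keep the guard from being dropped silently in a later refactor. chk_modeline() begins and ends outside this hunk, so whether every path that applies modeline options goes through this call cannot be confirmed from here.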