To: vim_dev@googlegroups.com Subject: Patch 8.1.05 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.1.0538 Problem: Evaluating a modeline might invoke using a shell command. (Paul Huber) Solution: Set the sandbox flag when setting options from a modeline. Files: src/buffer.c *** ../vim-8.1.0537/src/buffer.c 2018-11-10 17:33:23.087518814 +0100 --- src/buffer.c 2018-11-20 03:50:28.257857273 +0100 *************** *** 5522,5528 **** --- 5522,5533 ---- current_sctx.sc_seq = 0; current_sctx.sc_lnum = 0; #endif + // Make sure no risky things are executed as a side effect. + ++sandbox; + retval = do_set(s, OPT_MODELINE | OPT_LOCAL | flags); + + --sandbox; #ifdef FEAT_EVAL current_sctx = save_current_sctx; #endif *** ../vim-8.1.0537/src/version.c 2018-11-20 02:42:37.111373664 +0100 --- src/version.c 2018-11-20 04:24:18.067361364 +0100 *************** *** 794,795 **** --- 794,797 ---- { /* Add new patch number below this line */ + /**/ + 538, /**/ -- ARTHUR: Go on, Bors, chop its head off. BORS: Right. Silly little bleeder. One rabbit stew coming up. "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///