diff options
author | Bram Moolenaar <Bram@vim.org> | 2023-04-04 22:04:53 +0100 |
---|---|---|
committer | Bram Moolenaar <Bram@vim.org> | 2023-04-04 22:04:53 +0100 |
commit | 23a971da506249fc8388f06cd5c011b83406ac5c (patch) | |
tree | d9db98b1ba14c6f162011a63fb0fbb65c3b17e0c /src/diff.c | |
parent | cde8de034524d00aba4ff4142e658baff511e12d (diff) |
patch 9.0.1440: "rvim" can execute a shell through :diffpatchv9.0.1440
Problem: "rvim" can execute a shell through :diffpatch.
Solution: Disallow the shell "patch" command.
Diffstat (limited to 'src/diff.c')
-rw-r--r-- | src/diff.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/diff.c b/src/diff.c index a46f0bf81e..1873767106 100644 --- a/src/diff.c +++ b/src/diff.c @@ -1310,6 +1310,9 @@ ex_diffpatch(exarg_T *eap) else #endif { + if (check_restricted()) + goto theend; + // Build the patch command and execute it. Ignore errors. Switch to // cooked mode to allow the user to respond to prompts. vim_snprintf((char *)buf, buflen, "patch -o %s %s < %s", @@ -1380,7 +1383,8 @@ ex_diffpatch(exarg_T *eap) // Do filetype detection with the new name. if (au_has_group((char_u *)"filetypedetect")) - do_cmdline_cmd((char_u *)":doau filetypedetect BufRead"); + do_cmdline_cmd( + (char_u *)":doau filetypedetect BufRead"); } } } |