]>
Commit | Line | Data |
---|---|---|
63868179 AG |
1 | To: vim-dev@vim.org |
2 | Subject: Patch 6.3.081 | |
3 | Fcc: outbox | |
4 | From: Bram Moolenaar <Bram@moolenaar.net> | |
5 | Mime-Version: 1.0 | |
6 | Content-Type: text/plain; charset=ISO-8859-1 | |
7 | Content-Transfer-Encoding: 8bit | |
8 | ------------ | |
9 | ||
10 | Patch 6.3.081 | |
11 | Problem: Unix: glob() may execute a shell command when it's not wanted. | |
12 | (Georgi Guninski) | |
13 | Solution: Verify the sandbox flag is not set. | |
14 | Files: src/os_unix.c | |
15 | ||
16 | ||
17 | *** ../vim-6.3.080/src/os_unix.c Sat Jan 29 16:14:42 2005 | |
18 | --- src/os_unix.c Tue Jul 19 22:29:34 2005 | |
19 | *************** | |
20 | *** 4700,4706 **** | |
21 | /* | |
22 | * Don't allow the use of backticks in secure and restricted mode. | |
23 | */ | |
24 | ! if (secure || restricted) | |
25 | for (i = 0; i < num_pat; ++i) | |
26 | if (vim_strchr(pat[i], '`') != NULL | |
27 | && (check_restricted() || check_secure())) | |
28 | --- 4700,4710 ---- | |
29 | /* | |
30 | * Don't allow the use of backticks in secure and restricted mode. | |
31 | */ | |
32 | ! if (secure || restricted | |
33 | ! # ifdef HAVE_SANDBOX | |
34 | ! || sandbox != 0 | |
35 | ! # endif | |
36 | ! ) | |
37 | for (i = 0; i < num_pat; ++i) | |
38 | if (vim_strchr(pat[i], '`') != NULL | |
39 | && (check_restricted() || check_secure())) | |
40 | *** ../vim-6.3.080/src/version.c Mon Jul 4 12:19:01 2005 | |
41 | --- src/version.c Tue Jul 19 22:26:32 2005 | |
42 | *************** | |
43 | *** 643,644 **** | |
44 | --- 643,646 ---- | |
45 | { /* Add new patch number below this line */ | |
46 | + /**/ | |
47 | + 81, | |
48 | /**/ | |
49 | ||
50 | -- | |
51 | With sufficient thrust, pigs fly just fine. | |
52 | -- RFC 1925 | |
53 | ||
54 | /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ | |
55 | /// Sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ | |
56 | \\\ Project leader for A-A-P -- http://www.A-A-P.org /// | |
57 | \\\ Buy LOTR 3 and help AIDS victims -- http://ICCF.nl/lotr.html /// |