Commit | Line | Data |
---|---|---|
63868179 AG |
1 | To: vim-dev@vim.org |
2 | Subject: Patch 6.3.082 | |
3 | Fcc: outbox | |
4 | From: Bram Moolenaar <Bram@moolenaar.net> | |
5 | Mime-Version: 1.0 | |
6 | Content-Type: text/plain; charset=ISO-8859-1 | |
7 | Content-Transfer-Encoding: 8bit | |
8 | ------------ | |
9 | ||
10 | Patch 6.3.082 (after 6.3.081) | |
11 | Problem: Unix: expand() may execute a shell command when it's not wanted. | |
12 | (Georgi Guninski) | |
13 | Solution: A more generic solution than 6.3.081. | |
14 | Files: src/os_unix.c | |
15 | ||
16 | ||
17 | *** ../vim-6.3.081/src/os_unix.c Tue Jul 19 22:31:54 2005 | |
18 | --- src/os_unix.c Wed Jul 20 10:54:12 2005 | |
19 | *************** | |
20 | *** 4697,4710 **** | |
21 | if (!have_wildcard(num_pat, pat)) | |
22 | return save_patterns(num_pat, pat, num_file, file); | |
23 | ||
24 | /* | |
25 | * Don't allow the use of backticks in secure and restricted mode. | |
26 | */ | |
27 | ! if (secure || restricted | |
28 | ! # ifdef HAVE_SANDBOX | |
29 | ! || sandbox != 0 | |
30 | ! # endif | |
31 | ! ) | |
32 | for (i = 0; i < num_pat; ++i) | |
33 | if (vim_strchr(pat[i], '`') != NULL | |
34 | && (check_restricted() || check_secure())) | |
35 | --- 4697,4712 ---- | |
36 | if (!have_wildcard(num_pat, pat)) | |
37 | return save_patterns(num_pat, pat, num_file, file); | |
38 | ||
39 | + # ifdef HAVE_SANDBOX | |
40 | + /* Don't allow any shell command in the sandbox. */ | |
41 | + if (sandbox != 0 && check_secure()) | |
42 | + return FAIL; | |
43 | + # endif | |
44 | + | |
45 | /* | |
46 | * Don't allow the use of backticks in secure and restricted mode. | |
47 | */ | |
48 | ! if (secure || restricted) | |
49 | for (i = 0; i < num_pat; ++i) | |
50 | if (vim_strchr(pat[i], '`') != NULL | |
51 | && (check_restricted() || check_secure())) | |
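Review bot: The comment on the new `HAVE_SANDBOX` block does not say why the sandbox now rejects every wildcard pattern, while the `secure || restricted` branch right below it still rejects only patterns containing a backtick. The commit's problem statement suggests the expansion after this point runs a shell, but the rest of the function is outside the hunk, so that is inferred. If it holds, the comment should record the reason, e.g. `/* Wildcards are expanded by running a shell below; in the sandbox refuse all of them, not just backticks. */`. It is also worth confirming that the backtick-only filter is enough for `secure` and `restricted`, since any other command-substitution syntax the configured shell accepts would pass that check unchanged.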
52 | *** ../vim-6.3.081/src/version.c Tue Jul 19 22:31:54 2005 | |
53 | --- src/version.c Wed Jul 20 11:03:50 2005 | |
54 | *************** | |
55 | *** 643,644 **** | |
56 | --- 643,646 ---- | |
57 | { /* Add new patch number below this line */ | |
58 | + /**/ | |
59 | + 82, | |
60 | /**/ | |
61 | ||
62 | -- | |
63 | No letters of the alphabet were harmed in the creation of this message. | |
64 | ||
65 | /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ | |
66 | /// Sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ | |
67 | \\\ Project leader for A-A-P -- http://www.A-A-P.org /// | |
68 | \\\ Buy LOTR 3 and help AIDS victims -- http://ICCF.nl/lotr.html /// |