From: Bram Moolenaar <Bram@moolenaar.net>
Problem: When running "rvim" or "vim -Z" it was still possible to execute a
shell command with system() and backtick-expansion. (Antonios A.
Solution: Disallow executing a shell command in get_cmd_output() and
mch_expand_wildcards().
Files: src/misc1.c, src/os_unix.c
16 *** ../vim-5.7.17/src/misc1.c Tue Jun 20 21:30:53 2000
17 --- src/misc1.c Thu Nov 16 16:45:35 2000
24 + if (check_restricted() || check_secure())
27 /* get a name for the temp file */
28 if ((tempname = vim_tempname('o')) == NULL)
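Review bot: The added "if (check_restricted() || check_secure())" in get_cmd_output() carries no comment, unlike the equivalent check in the os_unix.c hunk; add one line saying that shell commands are refused in restricted and secure mode. Placing the test ahead of vim_tempname('o') is the right order, since the refusal then happens before a temp file name is allocated. The statement the "if" controls is not among the lines shown here, so confirm that it returns the function's failure value and cannot fall through to the temp-file code.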
30 *** ../vim-5.7.17/src/os_unix.c Wed Jun 7 17:24:21 2000
31 --- src/os_unix.c Thu Nov 16 17:02:34 2000
35 if (!have_wildcard(num_pat, pat))
36 return save_patterns(num_pat, pat, num_file, file);
39 + * Don't allow the use of backticks in secure and restricted mode.
41 + if (secure || restricted)
42 + for (i = 0; i < num_pat; ++i)
43 + if (vim_strchr(pat[i], '`') != NULL
44 + && (check_restricted() || check_secure()))
48 * get a name for the temp file
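Review bot: The loop in mch_expand_wildcards() refuses a pattern only when vim_strchr(pat[i], '`') finds a backtick, while the Solution line promises to disallow executing a shell command in this function as a whole. The code after the check still goes on to "get a name for the temp file", so any pattern without a backtick continues down that path in restricted and secure mode; either refuse at the point where the shell is about to be invoked, or extend the comment to explain why the backtick is the only case that needs blocking. The outer "if (secure || restricted)" also repeats the state that check_restricted() and check_secure() test; if it exists to skip the loop in the normal case, say so in the comment.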
50 *** ../vim-5.7.17/src/version.c Thu Nov 16 17:06:52 2000
51 --- src/version.c Thu Nov 16 16:45:44 2000
55 { /* Add new patch number below this line */
hundred-and-one symptoms of being an internet addict:
156. You forget your friend's name but not her e-mail address.
/// Bram Moolenaar Bram@moolenaar.net http://www.moolenaar.net \\\
\\\ Vim: http://www.vim.org ICCF Holland: http://iccf-holland.org ///