To: vim_dev@googlegroups.com Subject: Patch 9.0.1440 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 9.0.1440 Problem: "rvim" can execute a shell through :diffpatch. Solution: Disallow the shell "patch" command. Files: src/diff.c, src/testdir/test_diffmode.vim *** ../vim-9.0.1439/src/diff.c 2023-03-07 17:45:07.180247902 +0000 --- src/diff.c 2023-04-04 21:31:18.510103114 +0100 *************** *** 1310,1315 **** --- 1310,1318 ---- else #endif { + if (check_restricted()) + goto theend; + // Build the patch command and execute it. Ignore errors. Switch to // cooked mode to allow the user to respond to prompts. vim_snprintf((char *)buf, buflen, "patch -o %s %s < %s", *************** *** 1380,1386 **** // Do filetype detection with the new name. if (au_has_group((char_u *)"filetypedetect")) ! do_cmdline_cmd((char_u *)":doau filetypedetect BufRead"); } } } --- 1383,1390 ---- // Do filetype detection with the new name. if (au_has_group((char_u *)"filetypedetect")) ! do_cmdline_cmd( ! (char_u *)":doau filetypedetect BufRead"); } } } *** ../vim-9.0.1439/src/testdir/test_diffmode.vim 2023-04-01 19:54:36.452530922 +0100 --- src/testdir/test_diffmode.vim 2023-04-04 21:57:48.952230439 +0100 *************** *** 736,741 **** --- 736,756 ---- bwipe! endfunc + " FIXME: test fails, the Xresult file can't be read + func No_Test_diffpatch_restricted() + let lines =<< trim END + call assert_fails('diffpatch NoSuchDiff', 'E145:') + + call writefile(v:errors, 'Xresult') + qa! + END + call writefile(lines, 'Xrestricted', 'D') + if RunVim([], [], '-Z --clean -S Xrestricted') + call assert_equal([], readfile('Xresult')) + endif + call delete('Xresult') + endfunc + func Test_diff_too_many_buffers() for i in range(1, 8) exe "new Xtest" . 
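Review bot: The new `check_restricted()` guard sits inside the `else` block after `#endif`, so it covers only the path that builds the `patch -o %s %s < %s` command line. The branch before that `else` starts outside this hunk and is not changed by it. It is worth confirming that branch cannot reach a shell under `rvim`/`-Z`, or hoisting the check above the `if`/`else` so both paths are refused the same way; whether `goto theend` is safe that early depends on code outside the hunk. A one-line comment above the guard would also record the intent: `// Restricted mode must never run the external "patch" command.`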
i *** ../vim-9.0.1439/src/version.c 2023-04-02 22:05:09.786319296 +0100 --- src/version.c 2023-04-04 21:57:03.648066808 +0100 *************** *** 697,698 **** --- 697,700 ---- { /* Add new patch number below this line */ + /**/ + 1440, /**/ -- Trees moving back and forth is what makes the wind blow. /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// \\\ \\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
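Review bot: The regression test for this fix is added as `No_Test_diffpatch_restricted()` under a FIXME, so it appears not to be picked up by the test runner, and the restricted-mode guard in src/diff.c lands without automated coverage. Once enabled, the only assertion on the result sits inside `if RunVim(...)`, so a failed launch would skip it unless RunVim reports that failure itself. I would expand the comment so the gap stays visible, e.g. `" FIXME: disabled; E145 for :diffpatch under -Z is untested until Xresult can be read`. The function should be renamed back to `Test_diffpatch_restricted()` once the cause is found.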