Loading ...
Sorry, an error occurred while loading the content.
 

Patch 6.3.082

Expand Messages
  • Bram Moolenaar
    Patch 6.3.082 (after 6.3.081) Problem: Unix: expand() may execute a shell command when it s not wanted. (Georgi Guninski) Solution: A more generic
    Message 1 of 1 , Jul 20, 2005
      Patch 6.3.082 (after 6.3.081)
      Problem: Unix: expand() may execute a shell command when it's not wanted.
      (Georgi Guninski)
      Solution: A more generic solution than 6.3.081.
      Files: src/os_unix.c


      *** ../vim-6.3.081/src/os_unix.c Tue Jul 19 22:31:54 2005
      --- src/os_unix.c Wed Jul 20 10:54:12 2005
      ***************
      *** 4697,4710 ****
      if (!have_wildcard(num_pat, pat))
      return save_patterns(num_pat, pat, num_file, file);

      /*
      * Don't allow the use of backticks in secure and restricted mode.
      */
      ! if (secure || restricted
      ! # ifdef HAVE_SANDBOX
      ! || sandbox != 0
      ! # endif
      ! )
      for (i = 0; i < num_pat; ++i)
      if (vim_strchr(pat[i], '`') != NULL
      && (check_restricted() || check_secure()))
      --- 4697,4712 ----
      if (!have_wildcard(num_pat, pat))
      return save_patterns(num_pat, pat, num_file, file);

      + # ifdef HAVE_SANDBOX
      + /* Don't allow any shell command in the sandbox. */
      + if (sandbox != 0 && check_secure())
      + return FAIL;
      + # endif
      +
      /*
      * Don't allow the use of backticks in secure and restricted mode.
      */
      ! if (secure || restricted)
      for (i = 0; i < num_pat; ++i)
      if (vim_strchr(pat[i], '`') != NULL
      && (check_restricted() || check_secure()))
      *** ../vim-6.3.081/src/version.c Tue Jul 19 22:31:54 2005
      --- src/version.c Wed Jul 20 11:03:50 2005
      ***************
      *** 643,644 ****
      --- 643,646 ----
      { /* Add new patch number below this line */
      + /**/
      + 82,
      /**/

      --
      No letters of the alphabet were harmed in the creation of this message.

      /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
      /// Sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
      \\\ Project leader for A-A-P -- http://www.A-A-P.org ///
      \\\ Buy LOTR 3 and help AIDS victims -- http://ICCF.nl/lotr.html ///
    Your message has been successfully submitted and would be delivered to recipients shortly.