patch 8.1.1365: source command doesn't check for the sandboxv8.1.1365

Problem: Source command doesn't check for the sandbox. (Armin Razmjou) Solution: Check for the sandbox when sourcing a file.
author: Bram Moolenaar <Bram@vim.org> 2019-05-22 22:38:25 +0200
committer: Bram Moolenaar <Bram@vim.org> 2019-05-22 22:38:25 +0200
commit: 53575521406739cf20bbe4e384d88e7dca11f040 (patch)
tree: a972b87d48af2a7b193f26a0d23340c852f14e55 /src/getchar.c
parent: 5c017b2de28d19dfa4af58b8973e32f31bb1477e (diff)
download: vim-git-53575521406739cf20bbe4e384d88e7dca11f040.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/src/getchar.c b/src/getchar.c
index 9379a6a8d..debad7efd 100644
--- a/src/getchar.c
+++ b/src/getchar.c
@@ -1407,6 +1407,12 @@ openscript(
 	emsg(_(e_nesting));
 	return;
     }
+
+    // Disallow sourcing a file in the sandbox, the commands would be executed
+    // later, possibly outside of the sandbox.
+    if (check_secure())
+	return;
+
 #ifdef FEAT_EVAL
     if (ignore_script)
 	/* Not reading from script, also don't open one.  Warning message? */
author	Bram Moolenaar <Bram@vim.org>	2019-05-22 22:38:25 +0200
committer	Bram Moolenaar <Bram@vim.org>	2019-05-22 22:38:25 +0200
commit	53575521406739cf20bbe4e384d88e7dca11f040 (patch)
tree	a972b87d48af2a7b193f26a0d23340c852f14e55 /src/getchar.c
parent	5c017b2de28d19dfa4af58b8973e32f31bb1477e (diff)
download	vim-git-53575521406739cf20bbe4e384d88e7dca11f040.tar.gz