-rw-r--r--src/getchar.c6
-rw-r--r--src/testdir/test_source.vim9
-rw-r--r--src/version.c2
3 files changed, 17 insertions, 0 deletions
diff --git a/src/getchar.c b/src/getchar.c
index 9379a6a8d..debad7efd 100644
--- a/src/getchar.c
+++ b/src/getchar.c
@@ -1407,6 +1407,12 @@ openscript(
emsg(_(e_nesting));
return;
}
+
+ // Disallow sourcing a file in the sandbox, the commands would be executed
+ // later, possibly outside of the sandbox.
+ if (check_secure())
+ return;
+
#ifdef FEAT_EVAL
if (ignore_script)
/* Not reading from script, also don't open one. Warning message? */
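Review bot: The bare `return` after `if (check_secure())` reads as a silent failure, because nothing at the call site shows that an error is reported. The test added in this commit expects `E48:` on this path, so the message is presumably emitted inside check_secure(), which is not visible here. Extending the new comment would make that explicit, for example `// check_secure() has already given the error message (E48 in the sandbox).` The guard sits above the `#ifdef FEAT_EVAL` block, so it applies whether or not that feature is compiled in, and that placement should be kept if this code is reordered. openscript() starts and ends outside the hunk, so its other early-return paths could not be compared.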
diff --git a/src/testdir/test_source.vim b/src/testdir/test_source.vim
index a33d286e7..5166bafb1 100644
--- a/src/testdir/test_source.vim
+++ b/src/testdir/test_source.vim
@@ -36,3 +36,12 @@ func Test_source_cmd()
au! SourcePre
au! SourcePost
endfunc
+
+func Test_source_sandbox()
+ new
+ call writefile(["Ohello\<Esc>"], 'Xsourcehello')
+ source! Xsourcehello | echo
+ call assert_equal('hello', getline(1))
+ call assert_fails('sandbox source! Xsourcehello', 'E48:')
+ bwipe!
+endfunc
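Review bot: Test_source_sandbox writes `Xsourcehello` with writefile() but never removes it, so the file is left in the test directory after the run; add `call delete('Xsourcehello')` after `bwipe!`. The negative case also only checks that `E48:` is raised. Since the fix is about commands being executed later, it would be stronger to assert after the `assert_fails` line that the buffer was not modified by the rejected `source!`, for example by checking that `line('$')` is unchanged. Whether deferred input would already have been processed at that point in the function is not certain from the hunk, so that assertion may need a step that flushes typeahead first.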
diff --git a/src/version.c b/src/version.c
index b0736df46..b2fcbfb14 100644
--- a/src/version.c
+++ b/src/version.c
@@ -768,6 +768,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 1365,
+/**/
1364,
/**/
1363,