Patch 7.3.070 Problem: Can set environment variables in the sandbox, could be abused. Solution: Disallow it. Files: src/eval.c
*** ../vim-7.3.069/src/eval.c 2010-11-10 20:31:24.000000000 +0100 --- src/eval.c 2010-12-02 14:42:31.000000000 +0100 *************** *** 2326,2332 **** else if (endchars != NULL && vim_strchr(endchars, *skipwhite(arg)) == NULL) EMSG(_(e_letunexp)); ! else { c1 = name[len]; name[len] = NUL; --- 2326,2332 ---- else if (endchars != NULL && vim_strchr(endchars, *skipwhite(arg)) == NULL) EMSG(_(e_letunexp)); ! else if (!check_secure()) { c1 = name[len]; name[len] = NUL; *** ../vim-7.3.069/src/version.c 2010-11-24 18:48:08.000000000 +0100 --- src/version.c 2010-12-02 14:46:44.000000000 +0100 *************** *** 716,717 **** --- 716,719 ---- { /* Add new patch number below this line */ + /**/ + 70, /**/ -- The only way the average employee can speak to an executive is by taking a second job as a golf caddie. (Scott Adams - The Dilbert principle) /// Bram Moolenaar -- b...@moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org /// -- You received this message from the "vim_dev" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php