Patch 9.0.1440
Problem:    "rvim" can execute a shell through :diffpatch.
Solution:   Disallow the shell "patch" command.
Files:      src/diff.c, src/testdir/test_diffmode.vim


*** ../vim-9.0.1439/src/diff.c  2023-03-07 17:45:07.180247902 +0000
--- src/diff.c  2023-04-04 21:31:18.510103114 +0100
***************
*** 1310,1315 ****
--- 1310,1318 ----
      else
  #endif
      {
+       if (check_restricted())
+           goto theend;
+ 
        // Build the patch command and execute it.  Ignore errors.  Switch to
        // cooked mode to allow the user to respond to prompts.
        vim_snprintf((char *)buf, buflen, "patch -o %s %s < %s",
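Review bot: The restricted-mode check sits only inside the `else` block that builds the `patch` command, so the branch before `else` (outside this hunk, ending at the `#endif`) is not guarded here and has to rely on its own restrictions. A comment above the check would make that intent explicit, for example `// Restricted mode (rvim, -Z): never pass the "patch" command line to the shell.` Also confirm what `goto theend` skips: if anything set up earlier in the function (temporary files, a changed working directory) is undone after the command runs rather than at `theend`, the early exit leaves it in place. The start and end of the function are outside the hunk, so this cannot be verified from here.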
***************
*** 1380,1386 ****
  
                    // Do filetype detection with the new name.
                    if (au_has_group((char_u *)"filetypedetect"))
!                       do_cmdline_cmd((char_u *)":doau filetypedetect 
BufRead");
                }
            }
        }
--- 1383,1390 ----
  
                    // Do filetype detection with the new name.
                    if (au_has_group((char_u *)"filetypedetect"))
!                       do_cmdline_cmd(
!                                    (char_u *)":doau filetypedetect BufRead");
                }
            }
        }
*** ../vim-9.0.1439/src/testdir/test_diffmode.vim       2023-04-01 
19:54:36.452530922 +0100
--- src/testdir/test_diffmode.vim       2023-04-04 21:57:48.952230439 +0100
***************
*** 736,741 ****
--- 736,756 ----
    bwipe!
  endfunc
  
+ " FIXME: test fails, the Xresult file can't be read
+ func No_Test_diffpatch_restricted()
+   let lines =<< trim END
+     call assert_fails('diffpatch NoSuchDiff', 'E145:')
+ 
+     call writefile(v:errors, 'Xresult')
+     qa!
+   END
+   call writefile(lines, 'Xrestricted', 'D')
+   if RunVim([], [], '-Z --clean -S Xrestricted')
+     call assert_equal([], readfile('Xresult'))
+   endif
+   call delete('Xresult')
+ endfunc
+ 
  func Test_diff_too_many_buffers()
    for i in range(1, 8)
      exe "new Xtest" . i
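Review bot: The new test is committed as `No_Test_diffpatch_restricted`, so it is presumably never run and the restricted-mode fix ships without regression coverage. The FIXME says Xresult cannot be read, but as written `readfile('Xresult')` raises an error when the file is missing instead of reporting a clear failure. Adding `call assert_true(filereadable('Xresult'))` before it would make the cause visible. It is worth checking whether the child Vim is still in its start directory when it writes the relative name `Xresult` after the failed `:diffpatch`. Once that is resolved, rename the function to `Test_diffpatch_restricted` so the E145 check is enforced.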
*** ../vim-9.0.1439/src/version.c       2023-04-02 22:05:09.786319296 +0100
--- src/version.c       2023-04-04 21:57:03.648066808 +0100
***************
*** 697,698 ****
--- 697,700 ----
  {   /* Add new patch number below this line */
+ /**/
+     1440,
  /**/

-- 
Trees moving back and forth is what makes the wind blow.

 /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net   \\\
///                                                                      \\\
\\\        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
