From 1a064abb0a73401b98b81463e89e2f2da8499baf Mon Sep 17 00:00:00 2001
From: zeertzjq <zeertzjq@outlook.com>
Date: Sun, 24 May 2026 08:49:02 +0800
Subject: [PATCH] vim-patch:9.2.0517: quickfix: can set quickfixtextfunc in
 restricted/sandbox mode (#39970)

Problem:  quickfix: can set quickfixtextfunc in restricted/sandbox mode
          (tacdm)
Solution: Disallow setting the quickfixtextfunc option from a sandbox
          and restricted mode (Yegappan Lakshmanan).

closes: vim/vim#20305

https://github.com/vim/vim/commit/cb8510d4703c13b34e178067ffe48a24c9a3ad32


Co-Authored-by: tacdm

Co-authored-by: Yegappan Lakshmanan <yegappan@yahoo.com>
---
 src/nvim/quickfix.c                |  8 +++++--
 test/old/testdir/test_quickfix.vim | 34 ++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/src/nvim/quickfix.c b/src/nvim/quickfix.c
index 93fce6050f..503c103dea 100644
--- a/src/nvim/quickfix.c
+++ b/src/nvim/quickfix.c
@@ -6585,13 +6585,17 @@ static int qf_get_properties(win_T *wp, dict_T *what, dict_T *retdict)
   return status;
 }
 
-/// Set the current index in the specified quickfix list
-/// @return OK
+/// Set the 'quickfixtextfunc' in the specified quickfix/location list
+/// @return OK or FAIL
 static int qf_setprop_qftf(qf_list_T *qfl, dictitem_T *di)
   FUNC_ATTR_NONNULL_ALL
 {
   Callback cb;
 
+  if (check_secure()) {
+    return FAIL;
+  }
+
   callback_free(&qfl->qf_qftf_cb);
   if (callback_from_typval(&cb, &di->di_tv)) {
     qfl->qf_qftf_cb = cb;
diff --git a/test/old/testdir/test_quickfix.vim b/test/old/testdir/test_quickfix.vim
index 62940ce627..90d3c0bdc0 100644
--- a/test/old/testdir/test_quickfix.vim
+++ b/test/old/testdir/test_quickfix.vim
@@ -7050,4 +7050,38 @@ func Test_efm_overlongline()
   call setqflist([], 'f')
 endfunc
 
+func Xtest_set_qftf_in_sandbox(cchar)
+  call s:setup_commands(a:cchar)
+
+  call g:Xsetlist([{'filename': 'test.c', 'lnum': 1, 'text': 'trigger'}])
+  let g:qftf_fn_called = v:false
+  func Qftf_Fn(d)
+    let g:qftf_fn_called = v:true
+    return []
+  endfunc
+
+  let g:caught_exception = v:false
+  try
+    sandbox call g:Xsetlist([], 'a', #{quickfixtextfunc: 'g:Qftf_Fn'})
+  catch /E48:/
+    let g:caught_exception = v:true
+  endtry
+  copen
+  cclose
+
+  call assert_equal(v:true, g:caught_exception)
+  call assert_equal(v:false, g:qftf_fn_called)
+
+  delfunc Qftf_Fn
+  unlet g:caught_exception
+  unlet g:qftf_fn_called
+  %bw!
+endfunc
+
+" Test for setting the 'quickfixtextfunc' in a sandbox
+func Test_set_qftf_in_sandbox()
+  call Xtest_set_qftf_in_sandbox('c')
+  call Xtest_set_qftf_in_sandbox('l')
+endfunc
+
 " vim: shiftwidth=2 sts=2 expandtab