diff --git a/runtime/autoload/context.vim b/runtime/autoload/context.vim index 254d710c01..88db3ee0f2 100644 --- a/runtime/autoload/context.vim +++ b/runtime/autoload/context.vim @@ -117,7 +117,7 @@ else " No jobs endfunction function! s:typeset(path) - execute '!' . context#command() . ' ' . shellescape(fnamemodify(a:path, ":t")) + execute '!' . context#command() . ' ' . shellescape(fnamemodify(a:path, ":t"), 1) call call(get(b:, 'context_callback', get(g:, 'context_callback', 'context#callback')), \ [a:path, 0, v:shell_error]) endfunction diff --git a/test/old/testdir/test_codestyle.vim b/test/old/testdir/test_codestyle.vim index a0cebf76d1..e88b5e3790 100644 --- a/test/old/testdir/test_codestyle.vim +++ b/test/old/testdir/test_codestyle.vim @@ -6,6 +6,22 @@ func s:ReportError(fname, lnum, msg) endif endfunc +func s:PerformCheck(fname, pattern, msg, skip) + let prev_lnum = 1 + let lnum = 1 + while (lnum > 0) + call cursor(lnum, 1) + let lnum = search(a:pattern, 'W', 0, 0, a:skip) + if (prev_lnum == lnum) + break + endif + let prev_lnum = lnum + if (lnum > 0) + call s:ReportError(a:fname, lnum, a:msg) + endif + endwhile +endfunc + func Test_test_files() for fname in glob('*.vim', 0, 1) let g:ignoreSwapExists = 'e' @@ -99,4 +115,27 @@ func Test_help_files() endfunc +func Test_runtime_wrong_shellescape() + " Check that shellescape() is called with the {special} argument (a second, + " non-zero argument) when its result is used in a ":!" ex command. + " This could cause code injection! + let pattern = '\