vim-patch:8.1.0538: evaluating a modeline might invoke using a shell command

Problem:    Evaluating a modeline might invoke using a shell command. (Paul
            Huber)
Solution:   Set the sandbox flag when setting options from a modeline.
5958f95a40
This commit is contained in:
Jan Edmund Lazo
2019-03-23 08:06:35 -04:00
committed by James McCoy
parent f514b7fbbc
commit fee1880ea7

View File

@@ -4926,7 +4926,12 @@ chk_modeline (
if (*s != NUL) { /* skip over an empty "::" */
save_SID = current_SID;
current_SID = SID_MODELINE;
// Make sure no risky things are executed as a side effect.
sandbox++;
retval = do_set(s, OPT_MODELINE | OPT_LOCAL | flags);
sandbox--;
current_SID = save_SID;
if (retval == FAIL) /* stop if error found */
break;