mirror of
https://github.com/neovim/neovim.git
synced 2025-10-21 17:21:49 +00:00

Problem: [security]: path traversal issue in zip.vim (@ax)
Solution: drop leading ../ on write of zipfiles, don't forcefully
overwrite existing files
A zip plugin which contains filenames with leading '../' may cause
confusion as to where the content will be extracted. Let's drop such
things and make sure we use a relative filename instead and don't
forcefully overwrite temporary files. Also, warn the user of such
things.
related: vim/vim#17733
586294a041
vim-patch:e1044fb: runtime(zip): raise minimum Vim version to v9.0
vim-patch:e2d9b0d: runtime(zip): zip plugin does not work with Vim 9.0
Co-authored-by: Christian Brabandt <cb@256bit.org>
The autoload directory is for standard Vim autoload scripts. These are functions used by plugins and for general use. They will be loaded automatically when the function is invoked. See ":help autoload". gzip.vim for editing compressed files netrw*.vim browsing (remote) directories and editing remote files tar.vim browsing tar files zip.vim browsing zip files paste.vim common code for mswin.vim and menu.vim spellfile.vim downloading of a missing spell file Omni completion files: ccomplete.vim C csscomplete.vim HTML / CSS htmlcomplete.vim HTML javascriptcomplete.vim Javascript phpcomplete.vim PHP pythoncomplete.vim Python rubycomplete.vim Ruby syntaxcomplete.vim from syntax highlighting xmlcomplete.vim XML (uses files in the xml directory)