mirror of
https://github.com/neovim/neovim.git
synced 2026-05-24 05:40:08 +00:00
c3c06723f0
Problem: runtime(tar): missing path traversal checks in tar#Extract()
Solution: Add check for leading slash, however gnu tar should already
detect this (q1uf3ng)
tar#Extract() did not check for ../ sequences or absolute paths,
unlike zip#Extract() which was patched in recent commits. Add the
same checks: ../ (relative traversal), leading slash (Unix), drive
letter and UNC/leading slash (Windows).
closes: vim/vim#19981
490b737f3e
Co-authored-by: q1uf3ng <q1uf3ng@protone.me>
The autoload directory is for standard Vim autoload scripts. These are functions used by plugins and for general use. They will be loaded automatically when the function is invoked. See ":help autoload". gzip.vim for editing compressed files netrw*.vim browsing (remote) directories and editing remote files tar.vim browsing tar files zip.vim browsing zip files paste.vim common code for mswin.vim and menu.vim spellfile.vim downloading of a missing spell file Omni completion files: ccomplete.vim C csscomplete.vim HTML / CSS htmlcomplete.vim HTML javascriptcomplete.vim Javascript phpcomplete.vim PHP pythoncomplete.vim Python rubycomplete.vim Ruby syntaxcomplete.vim from syntax highlighting xmlcomplete.vim XML (uses files in the xml directory)