| To: vim_dev@googlegroups.com |
| Subject: Patch 7.3.070 |
| Fcc: outbox |
| From: Bram Moolenaar <Bram@moolenaar.net> |
| Mime-Version: 1.0 |
| Content-Type: text/plain; charset=UTF-8 |
| Content-Transfer-Encoding: 8bit |
| |
| |
| Patch 7.3.070 |
| Problem: Can set environment variables in the sandbox, could be abused. |
| Solution: Disallow it. |
| Files: src/eval.c |
| |
| |
| |
| |
| |
| *** 2326,2332 **** |
| else if (endchars != NULL |
| && vim_strchr(endchars, *skipwhite(arg)) == NULL) |
| EMSG(_(e_letunexp)); |
| ! else |
| { |
| c1 = name[len]; |
| name[len] = NUL; |
| --- 2326,2332 ---- |
| else if (endchars != NULL |
| && vim_strchr(endchars, *skipwhite(arg)) == NULL) |
| EMSG(_(e_letunexp)); |
| ! else if (!check_secure()) |
| { |
| c1 = name[len]; |
| name[len] = NUL; |
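Review bot: The new `else if (!check_secure())` branch has no failure path of its own in these lines. When the check fails, the chain simply ends without an EMSG here, so the error the user sees depends entirely on check_secure() reporting it. A short comment above the condition, saying that setting an environment variable is not allowed in the sandbox and that check_secure() gives the message, would make that explicit. The guard also sits after the e_letunexp check, so a malformed assignment in the sandbox reports the syntax error first. That ordering looks fine, but the Files: line lists only src/eval.c, and a test that attempts the assignment in the sandbox and expects it to be rejected would pin the behaviour down.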
| |
| |
| |
| *** 716,717 **** |
| --- 716,719 ---- |
| { /* Add new patch number below this line */ |
| + /**/ |
| + 70, |
| /**/ |
| |
| -- |
| The only way the average employee can speak to an executive is by taking a |
| second job as a golf caddie. |
| (Scott Adams - The Dilbert principle) |
| |
| /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ |
| /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ |
| \\\ an exciting new programming language -- http://www.Zimbu.org /// |
| \\\ help me help AIDS victims -- http://ICCF-Holland.org /// |