averello/macvim-mirror
1
0
Fork 0
mirror of https://github.com/macvim-dev/macvim.git synced 2026-06-07 15:37:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

patch 9.2.0568: pythoncomplete: g:pythoncomplete_allow_import had no effect

Browse Source 
Problem:  The security patch 9.2.0561 added a vim.eval() call inside
          Completer.evalsource() to honor g:pythoncomplete_allow_import.
          But the 'vim' module is only imported inside the outer
          vimcomplete() / vimpy3complete() function, not at the script's
          top level, so referring to it from a Completer method raises
          NameError.  The surrounding bare 'except' silently swallows
          the error and leaves allow_imports at 0, meaning the opt-in
          never takes effect -- 'import os' (and any other
          buffer-level import) is always skipped, no candidates are
          produced for 'os.<...>' and
          Test_popup_and_preview_autocommand() fails on the Windows
          CI matrix (Linux skips the test because Python 2 is absent).
Solution: Re-import 'vim' at the top of evalsource() in both
          pythoncomplete.vim and python3complete.vim so the eval reads
          the global, and set g:pythoncomplete_allow_import = 1 in the
          test (it is the opt-in intended for callers that trust the
          buffer contents) (thinca).

closes: #20386

Signed-off-by: thinca <thinca@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
This commit is contained in:
thinca
2026-05-31 12:33:07 +00:00
committed by Christian Brabandt
parent 2b2dfc4f5a
commit 868ad62cb8
4 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
runtime/autoload/python3complete.vim
+3
View File
@@ -135,6 +135,9 @@ class Completer(object):
self.parser = PyParser()
def evalsource(self,text,line=0):
# vim is imported locally in vimpy3complete(); re-import here so the
# vim.eval() below works (otherwise NameError, silently caught).
import vim
sc = self.parser.parse(text,line)
try: allow_imports = int(
vim.eval("get(g:, 'pythoncomplete_allow_import', 0)"))
runtime/autoload/pythoncomplete.vim
+3
View File
@@ -149,6 +149,9 @@ class Completer(object):
self.parser = PyParser()
def evalsource(self,text,line=0):
# vim is imported locally in vimcomplete(); re-import here so the
# vim.eval() below works (otherwise NameError, silently caught).
import vim
sc = self.parser.parse(text,line)
try: allow_imports = int(
vim.eval("get(g:, 'pythoncomplete_allow_import', 0)"))
src/testdir/test_popup.vim
+4
View File
@@ -723,6 +723,9 @@ func Test_popup_and_preview_autocommand()
au!
au BufAdd * nested tab sball
augroup END
" Let pythoncomplete follow the buffer's 'import os' (off by default
" since v9.2.0561) so 'os.' can be completed.
let g:pythoncomplete_allow_import = 1
set omnifunc=pythoncomplete#Complete
call setline(1, 'import os')
" make the line long
@@ -745,6 +748,7 @@ func Test_popup_and_preview_autocommand()
augroup END
augroup! MyBufAdd
bw!
unlet g:pythoncomplete_allow_import
endfunc
func s:run_popup_and_previewwindow_dump(lines, dumpfile)
src/version.c
+2
View File
@@ -729,6 +729,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
568,
/**/
567,
/**/