patch 9.2.0176: external diff is allowed in restricted mode

Problem:  When 'diffopt' does not include "internal", Vim attempts to
          execute an external diff command even in restricted mode.
          This could be used to bypass restricted mode.
Solution: Call check_restricted() in diff_file() before attempting to
          execute an external diff (pyllyukko).

closes: #19696

Signed-off-by: pyllyukko <pyllyukko@maimed.org>
Signed-off-by: Christian Brabandt <cb@256bit.org>
pyllyukko
2026-03-16 19:46:27 +00:00
committed by Christian Brabandt
parent e22b31887a
commit 8faba24ca7
4 changed files with 31 additions and 0 deletions
+3
@@ -52595,6 +52595,9 @@ between them is small (5 bytes or less) and contains only non-word characters.
This prevents fragmented highlighting when only whitespace or punctuation
separates changes.
Using external diff mode is no longer allowed when Vim is running in
|restricted-mode|.
Other ~
-----
- The new |xdg.vim| script for full XDG compatibility is included.
+3
@@ -1372,6 +1372,9 @@ diff_file(diffio_T *dio)
if (dio->dio_internal)
return diff_file_internal(dio);
if (check_restricted())
return FAIL;
len = STRLEN(tmp_orig) + STRLEN(tmp_new)
+ STRLEN(tmp_diff) + STRLEN(p_srr) + 27;
cmd = alloc(len);
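Review bot: The new `check_restricted()` guard has no comment, so the reason it sits after the `dio->dio_internal` return rather than at the top of diff_file() is left for the reader to reconstruct. A line such as `// An external diff runs a shell command: not allowed in restricted mode.` above the check would record that the internal diff is deliberately still permitted. diff_file()'s body starts before and continues after this hunk, so the lines shown cannot confirm that no earlier branch reaches a command-execution path before the guard; that is worth checking against the full function.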
+23
@@ -115,4 +115,27 @@ func Test_restricted_mode()
call delete('Xresult')
endfunc
" Test that external diff is blocked in restricted mode.
" Using :diffupdate with 'diffopt' excluding "internal" would call an external
" diff program via call_shell(), which must be blocked.
func Test_restricted_diff()
let lines =<< trim END
set diffopt=filler
call writefile(['line1', 'line2'], 'Xrfile1', 'D')
call writefile(['line1', 'line3'], 'Xrfile2', 'D')
edit Xrfile1
diffthis
split Xrfile2
diffthis
call assert_fails('diffupdate', 'E145:')
call writefile(v:errors, 'Xresult')
qa!
END
call writefile(lines, 'Xrestricteddiff', 'D')
if RunVim([], [], '-Z --clean -S Xrestricteddiff')
call assert_equal([], readfile('Xresult'))
endif
call delete('Xresult')
endfunc
" vim: shiftwidth=2 sts=2 expandtab
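Review bot: Test_restricted_diff() covers only the blocked case, so nothing pins that the internal diff keeps working under `-Z`. A later change that moved the restriction check above the `dio_internal` branch would still pass this test. Consider a second child script that uses `set diffopt=internal,filler` and a plain `diffupdate` (no `assert_fails`), then checks that the written `v:errors` is empty. That keeps the test aligned with the intended boundary: the external command is refused, the built-in diff is not.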
+2
@@ -734,6 +734,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
176,
/**/
175,
/**/