patch 8.1.1366: using expressions in a modeline is unsafe
Problem: Using expressions in a modeline is unsafe.
Solution: Disallow using expressions in a modeline, unless the
'modelineexpr' option is set. Update help, add more tests.
diff --git a/src/option.c b/src/option.c
index bfdf717..8e62efc 100644
--- a/src/option.c
+++ b/src/option.c
@@ -467,6 +467,7 @@
* there is a redraw flag */
#define P_NDNAME 0x8000000L /* only normal dir name chars allowed */
#define P_RWINONLY 0x10000000L /* only redraw current window */
+#define P_MLE 0x20000000L /* under control of 'modelineexpr' */
#define ISK_LATIN1 (char_u *)"@,48-57,_,192-255"
@@ -650,7 +651,7 @@
{(char_u *)0L, (char_u *)0L}
#endif
SCTX_INIT},
- {"balloonexpr", "bexpr", P_STRING|P_ALLOCED|P_VI_DEF|P_VIM,
+ {"balloonexpr", "bexpr", P_STRING|P_ALLOCED|P_VI_DEF|P_VIM|P_MLE,
#if defined(FEAT_BEVAL) && defined(FEAT_EVAL)
(char_u *)&p_bexpr, PV_BEXPR,
{(char_u *)"", (char_u *)0L}
@@ -727,7 +728,7 @@
(char_u *)&p_cmp, PV_NONE,
{(char_u *)"internal,keepascii", (char_u *)0L}
SCTX_INIT},
- {"cdpath", "cd", P_STRING|P_EXPAND|P_VI_DEF|P_COMMA|P_NODUP,
+ {"cdpath", "cd", P_STRING|P_EXPAND|P_VI_DEF|P_SECURE|P_COMMA|P_NODUP,
#ifdef FEAT_SEARCHPATH
(char_u *)&p_cdpath, PV_NONE,
{(char_u *)",,", (char_u *)0L}
@@ -1175,7 +1176,7 @@
{(char_u *)NULL, (char_u *)0L}
#endif
SCTX_INIT},
- {"foldexpr", "fde", P_STRING|P_ALLOCED|P_VIM|P_VI_DEF|P_RWIN,
+ {"foldexpr", "fde", P_STRING|P_ALLOCED|P_VIM|P_VI_DEF|P_RWIN|P_MLE,
#if defined(FEAT_FOLDING) && defined(FEAT_EVAL)
(char_u *)VAR_WIN, PV_FDE,
{(char_u *)"0", (char_u *)NULL}
@@ -1258,7 +1259,7 @@
{(char_u *)NULL, (char_u *)0L}
#endif
SCTX_INIT},
- {"foldtext", "fdt", P_STRING|P_ALLOCED|P_VIM|P_VI_DEF|P_RWIN,
+ {"foldtext", "fdt", P_STRING|P_ALLOCED|P_VIM|P_VI_DEF|P_RWIN|P_MLE,
#if defined(FEAT_FOLDING) && defined(FEAT_EVAL)
(char_u *)VAR_WIN, PV_FDT,
{(char_u *)"foldtext()", (char_u *)NULL}
@@ -1267,7 +1268,7 @@
{(char_u *)NULL, (char_u *)0L}
#endif
SCTX_INIT},
- {"formatexpr", "fex", P_STRING|P_ALLOCED|P_VI_DEF|P_VIM,
+ {"formatexpr", "fex", P_STRING|P_ALLOCED|P_VI_DEF|P_VIM|P_MLE,
#ifdef FEAT_EVAL
(char_u *)&p_fex, PV_FEX,
{(char_u *)"", (char_u *)0L}
@@ -1406,7 +1407,7 @@
(char_u *)NULL, PV_NONE,
#endif
{(char_u *)TRUE, (char_u *)0L} SCTX_INIT},
- {"guitablabel", "gtl", P_STRING|P_VI_DEF|P_RWIN,
+ {"guitablabel", "gtl", P_STRING|P_VI_DEF|P_RWIN|P_MLE,
#if defined(FEAT_GUI_TABLINE)
(char_u *)&p_gtl, PV_NONE,
{(char_u *)"", (char_u *)0L}
@@ -1477,7 +1478,7 @@
(char_u *)NULL, PV_NONE,
#endif
{(char_u *)FALSE, (char_u *)0L} SCTX_INIT},
- {"iconstring", NULL, P_STRING|P_VI_DEF,
+ {"iconstring", NULL, P_STRING|P_VI_DEF|P_MLE,
#ifdef FEAT_TITLE
(char_u *)&p_iconstring, PV_NONE,
#else
@@ -1549,7 +1550,7 @@
{(char_u *)0L, (char_u *)0L}
#endif
SCTX_INIT},
- {"includeexpr", "inex", P_STRING|P_ALLOCED|P_VI_DEF,
+ {"includeexpr", "inex", P_STRING|P_ALLOCED|P_VI_DEF|P_MLE,
#if defined(FEAT_FIND_ID) && defined(FEAT_EVAL)
(char_u *)&p_inex, PV_INEX,
{(char_u *)"", (char_u *)0L}
@@ -1561,7 +1562,7 @@
{"incsearch", "is", P_BOOL|P_VI_DEF|P_VIM,
(char_u *)&p_is, PV_NONE,
{(char_u *)FALSE, (char_u *)0L} SCTX_INIT},
- {"indentexpr", "inde", P_STRING|P_ALLOCED|P_VI_DEF|P_VIM,
+ {"indentexpr", "inde", P_STRING|P_ALLOCED|P_VI_DEF|P_VIM|P_MLE,
#if defined(FEAT_CINDENT) && defined(FEAT_EVAL)
(char_u *)&p_inde, PV_INDE,
{(char_u *)"", (char_u *)0L}
@@ -1888,6 +1889,9 @@
{"modeline", "ml", P_BOOL|P_VIM,
(char_u *)&p_ml, PV_ML,
{(char_u *)FALSE, (char_u *)TRUE} SCTX_INIT},
+ {"modelineexpr", "mle", P_BOOL|P_VI_DEF,
+ (char_u *)&p_mle, PV_NONE,
+ {(char_u *)FALSE, (char_u *)0L} SCTX_INIT},
{"modelines", "mls", P_NUM|P_VI_DEF,
(char_u *)&p_mls, PV_NONE,
{(char_u *)5L, (char_u *)0L} SCTX_INIT},
@@ -2311,7 +2315,7 @@
(char_u *)NULL, PV_NONE,
#endif
{(char_u *)FALSE, (char_u *)0L} SCTX_INIT},
- {"rulerformat", "ruf", P_STRING|P_VI_DEF|P_ALLOCED|P_RSTAT,
+ {"rulerformat", "ruf", P_STRING|P_VI_DEF|P_ALLOCED|P_RSTAT|P_MLE,
#ifdef FEAT_STL_OPT
(char_u *)&p_ruf, PV_NONE,
#else
@@ -2577,7 +2581,7 @@
{"startofline", "sol", P_BOOL|P_VI_DEF|P_VIM,
(char_u *)&p_sol, PV_NONE,
{(char_u *)TRUE, (char_u *)0L} SCTX_INIT},
- {"statusline" ,"stl", P_STRING|P_VI_DEF|P_ALLOCED|P_RSTAT,
+ {"statusline" ,"stl", P_STRING|P_VI_DEF|P_ALLOCED|P_RSTAT|P_MLE,
#ifdef FEAT_STL_OPT
(char_u *)&p_stl, PV_STL,
#else
@@ -2624,7 +2628,7 @@
{(char_u *)0L, (char_u *)0L}
#endif
SCTX_INIT},
- {"tabline", "tal", P_STRING|P_VI_DEF|P_RALL,
+ {"tabline", "tal", P_STRING|P_VI_DEF|P_RALL|P_MLE,
#ifdef FEAT_STL_OPT
(char_u *)&p_tal, PV_NONE,
#else
@@ -2802,7 +2806,7 @@
{(char_u *)0L, (char_u *)0L}
#endif
SCTX_INIT},
- {"titlestring", NULL, P_STRING|P_VI_DEF,
+ {"titlestring", NULL, P_STRING|P_VI_DEF|P_MLE,
#ifdef FEAT_TITLE
(char_u *)&p_titlestring, PV_NONE,
#else
@@ -4549,6 +4553,11 @@
errmsg = _("E520: Not allowed in a modeline");
goto skip;
}
+ if ((flags & P_MLE) && !p_mle)
+ {
+ errmsg = _("E992: Not allowed in a modeline when 'modelineexpr' is off");
+ goto skip;
+ }
#ifdef FEAT_DIFF
/* In diff mode some options are overruled. This avoids that
* 'foldmethod' becomes "marker" instead of "diff" and that
diff --git a/src/option.h b/src/option.h
index 7a10bb9..082ff9b 100644
--- a/src/option.h
+++ b/src/option.h
@@ -631,6 +631,7 @@
#ifdef FEAT_SPELL
EXTERN char_u *p_msm; /* 'mkspellmem' */
#endif
+EXTERN long p_mle; /* 'modelineexpr' */
EXTERN long p_mls; /* 'modelines' */
EXTERN char_u *p_mouse; /* 'mouse' */
#ifdef FEAT_GUI
diff --git a/src/testdir/test49.in b/src/testdir/test49.in
index 79f13f6..a0c9e0d 100644
--- a/src/testdir/test49.in
+++ b/src/testdir/test49.in
@@ -5,7 +5,7 @@
STARTTEST
:so small.vim
-:se nocp nomore viminfo+=nviminfo
+:se nocp nomore viminfo+=nviminfo modelineexpr
:lang mess C
:so test49.vim
:" Go back to this file and append the results from register r.
diff --git a/src/testdir/test_modeline.vim b/src/testdir/test_modeline.vim
index e0f97c4..c33a080 100644
--- a/src/testdir/test_modeline.vim
+++ b/src/testdir/test_modeline.vim
@@ -60,14 +60,17 @@
set keymap= iminsert=0 imsearch=-1
endfunc
-func s:modeline_fails(what, text)
+func s:modeline_fails(what, text, error)
+ if !exists('+' .. a:what)
+ return
+ endif
let fname = "Xmodeline_fails_" . a:what
call writefile(['vim: set ' . a:text . ' :', 'nothing'], fname)
let modeline = &modeline
set modeline
filetype plugin on
syntax enable
- call assert_fails('split ' . fname, 'E474:')
+ call assert_fails('split ' . fname, a:error)
call assert_equal("", &filetype)
call assert_equal("", &syntax)
@@ -79,16 +82,90 @@
endfunc
func Test_modeline_filetype_fails()
- call s:modeline_fails('filetype', 'ft=evil$CMD')
+ call s:modeline_fails('filetype', 'ft=evil$CMD', 'E474:')
endfunc
func Test_modeline_syntax_fails()
- call s:modeline_fails('syntax', 'syn=evil$CMD')
+ call s:modeline_fails('syntax', 'syn=evil$CMD', 'E474:')
endfunc
func Test_modeline_keymap_fails()
- if !has('keymap')
- return
- endif
- call s:modeline_fails('keymap', 'keymap=evil$CMD')
+ call s:modeline_fails('keymap', 'keymap=evil$CMD', 'E474:')
+endfunc
+
+func Test_modeline_fails_always()
+ call s:modeline_fails('backupdir', 'backupdir=Something()', 'E520:')
+ call s:modeline_fails('cdpath', 'cdpath=Something()', 'E520:')
+ call s:modeline_fails('charconvert', 'charconvert=Something()', 'E520:')
+ call s:modeline_fails('completefunc', 'completefunc=Something()', 'E520:')
+ call s:modeline_fails('cscopeprg', 'cscopeprg=Something()', 'E520:')
+ call s:modeline_fails('diffexpr', 'diffexpr=Something()', 'E520:')
+ call s:modeline_fails('directory', 'directory=Something()', 'E520:')
+ call s:modeline_fails('equalprg', 'equalprg=Something()', 'E520:')
+ call s:modeline_fails('errorfile', 'errorfile=Something()', 'E520:')
+ call s:modeline_fails('exrc', 'exrc=Something()', 'E520:')
+ call s:modeline_fails('formatprg', 'formatprg=Something()', 'E520:')
+ call s:modeline_fails('fsync', 'fsync=Something()', 'E520:')
+ call s:modeline_fails('grepprg', 'grepprg=Something()', 'E520:')
+ call s:modeline_fails('helpfile', 'helpfile=Something()', 'E520:')
+ call s:modeline_fails('imactivatefunc', 'imactivatefunc=Something()', 'E520:')
+ call s:modeline_fails('imstatusfunc', 'imstatusfunc=Something()', 'E520:')
+ call s:modeline_fails('imstyle', 'imstyle=Something()', 'E520:')
+ call s:modeline_fails('keywordprg', 'keywordprg=Something()', 'E520:')
+ call s:modeline_fails('langmap', 'langmap=Something()', 'E520:')
+ call s:modeline_fails('luadll', 'luadll=Something()', 'E520:')
+ call s:modeline_fails('makeef', 'makeef=Something()', 'E520:')
+ call s:modeline_fails('makeprg', 'makeprg=Something()', 'E520:')
+ call s:modeline_fails('makespellmem', 'makespellmem=Something()', 'E520:')
+ call s:modeline_fails('mzschemedll', 'mzschemedll=Something()', 'E520:')
+ call s:modeline_fails('mzschemegcdll', 'mzschemegcdll=Something()', 'E520:')
+ call s:modeline_fails('omnifunc', 'omnifunc=Something()', 'E520:')
+ call s:modeline_fails('operatorfunc', 'operatorfunc=Something()', 'E520:')
+ call s:modeline_fails('perldll', 'perldll=Something()', 'E520:')
+ call s:modeline_fails('printdevice', 'printdevice=Something()', 'E520:')
+ call s:modeline_fails('patchexpr', 'patchexpr=Something()', 'E520:')
+ call s:modeline_fails('printexpr', 'printexpr=Something()', 'E520:')
+ call s:modeline_fails('pythondll', 'pythondll=Something()', 'E520:')
+ call s:modeline_fails('pythonhome', 'pythondll=Something()', 'E520:')
+ call s:modeline_fails('pythonthreedll', 'pythonthreedll=Something()', 'E520:')
+ call s:modeline_fails('pythonthreehome', 'pythonthreehome=Something()', 'E520:')
+ call s:modeline_fails('pyxversion', 'pyxversion=Something()', 'E520:')
+ call s:modeline_fails('rubydll', 'rubydll=Something()', 'E520:')
+ call s:modeline_fails('runtimepath', 'runtimepath=Something()', 'E520:')
+ call s:modeline_fails('secure', 'secure=Something()', 'E520:')
+ call s:modeline_fails('shell', 'shell=Something()', 'E520:')
+ call s:modeline_fails('shellcmdflag', 'shellcmdflag=Something()', 'E520:')
+ call s:modeline_fails('shellpipe', 'shellpipe=Something()', 'E520:')
+ call s:modeline_fails('shellquote', 'shellquote=Something()', 'E520:')
+ call s:modeline_fails('shellredir', 'shellredir=Something()', 'E520:')
+ call s:modeline_fails('shellxquote', 'shellxquote=Something()', 'E520:')
+ call s:modeline_fails('spellfile', 'spellfile=Something()', 'E520:')
+ call s:modeline_fails('spellsuggest', 'spellsuggest=Something()', 'E520:')
+ call s:modeline_fails('tcldll', 'tcldll=Something()', 'E520:')
+ call s:modeline_fails('titleold', 'titleold=Something()', 'E520:')
+ call s:modeline_fails('viewdir', 'viewdir=Something()', 'E520:')
+ call s:modeline_fails('viminfo', 'viminfo=Something()', 'E520:')
+ call s:modeline_fails('viminfofile', 'viminfofile=Something()', 'E520:')
+ call s:modeline_fails('winptydll', 'winptydll=Something()', 'E520:')
+ call s:modeline_fails('undodir', 'undodir=Something()', 'E520:')
+ " only check a few terminal options
+ call s:modeline_fails('t_AB', 't_AB=Something()', 'E520:')
+ call s:modeline_fails('t_ce', 't_ce=Something()', 'E520:')
+ call s:modeline_fails('t_sr', 't_sr=Something()', 'E520:')
+ call s:modeline_fails('t_8b', 't_8b=Something()', 'E520:')
+endfunc
+
+func Test_modeline_fails_modelineexpr()
+ call s:modeline_fails('balloonexpr', 'balloonexpr=Something()', 'E992:')
+ call s:modeline_fails('foldexpr', 'foldexpr=Something()', 'E992:')
+ call s:modeline_fails('foldtext', 'foldtext=Something()', 'E992:')
+ call s:modeline_fails('formatexpr', 'formatexpr=Something()', 'E992:')
+ call s:modeline_fails('guitablabel', 'guitablabel=Something()', 'E992:')
+ call s:modeline_fails('iconstring', 'iconstring=Something()', 'E992:')
+ call s:modeline_fails('includeexpr', 'includeexpr=Something()', 'E992:')
+ call s:modeline_fails('indentexpr', 'indentexpr=Something()', 'E992:')
+ call s:modeline_fails('rulerformat', 'rulerformat=Something()', 'E992:')
+ call s:modeline_fails('statusline', 'statusline=Something()', 'E992:')
+ call s:modeline_fails('tabline', 'tabline=Something()', 'E992:')
+ call s:modeline_fails('titlestring', 'titlestring=Something()', 'E992:')
endfunc
diff --git a/src/version.c b/src/version.c
index b2fcbfb..bcc9aef 100644
--- a/src/version.c
+++ b/src/version.c
@@ -768,6 +768,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 1366,
+/**/
1365,
/**/
1364,