patch 8.1.0538: evaluating a modeline might invoke using a shell command Problem: Evaluating a modeline might invoke using a shell command. (Paul Huber) Solution: Set the sandbox flag when setting options from a modeline.

commit: 5958f95a40a4a44bd9e7f3b7ec6554a6ef3e42ca [log] [tgz]
author: Bram Moolenaar <Bram@vim.org> Tue Nov 20 04:25:21 2018 +0100
committer: Bram Moolenaar <Bram@vim.org> Tue Nov 20 04:25:21 2018 +0100
tree: 3acc52a60e27a6e33ef9b6e8c75673d03d108811
parent: 48d23bb4de3dd37ba0d0b22e7c39d6b894cb1f75 [diff]
diff --git a/src/buffer.c b/src/buffer.c
index 8e892da..ee962b2 100644
--- a/src/buffer.c
+++ b/src/buffer.c

@@ -5522,7 +5522,12 @@
 		current_sctx.sc_seq = 0;
 		current_sctx.sc_lnum = 0;
 #endif
+		// Make sure no risky things are executed as a side effect.
+		++sandbox;
+
 		retval = do_set(s, OPT_MODELINE | OPT_LOCAL | flags);
+
+		--sandbox;
 #ifdef FEAT_EVAL
 		current_sctx = save_current_sctx;
 #endif

diff --git a/src/version.c b/src/version.c
index 29488c2..8569417 100644
--- a/src/version.c
+++ b/src/version.c

@@ -793,6 +793,8 @@
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    538,
+/**/
     537,
 /**/
     536,
commit	5958f95a40a4a44bd9e7f3b7ec6554a6ef3e42ca	[log] [tgz]
author	Bram Moolenaar <Bram@vim.org>	Tue Nov 20 04:25:21 2018 +0100
committer	Bram Moolenaar <Bram@vim.org>	Tue Nov 20 04:25:21 2018 +0100
tree	3acc52a60e27a6e33ef9b6e8c75673d03d108811
parent	48d23bb4de3dd37ba0d0b22e7c39d6b894cb1f75 [diff]