Ben Schmidt wrote:
> Ex command substitutions (:help cmdline-special) seem to be done on
> the keyword when using the K command. Due to normal settings for
> iskeyword this won't usually show up for K, but will for {Visual}K if
> you, e.g., highlight a URL with a # in it and use K on it (with
> keywordprg set to 'firefox' or something--'open' for me on Mac OS
> X--this makes sense: in fact it is very useful). If there is no
> alternate file you get an error in Vim, but if there is one, nonsense
> just gets passed to the shell. It should be checked that the keyword
> is properly shell-escaped, too. I can't quickly think of a way to
> easily exploit this one, so I don't think it's a security risk, but
> it's definitely a bug.
Currently some characters are escaped, such as a space. I suppose # and
% should also be escaped. More general, it should probably work like
shellescape(). I'll make a note in the todo list.
--
Scientists decoded the first message from an alien civilization:
SIMPLY SEND 6 TIMES 10 TO THE 50 ATOMS OF HYDROGEN TO THE STAR
SYSTEM AT THE TOP OF THE LIST, CROSS OFF THAT STAR SYSTEM, THEN PUT
YOUR STAR SYSTEM AT THE BOTTOM OF THE LIST AND SEND IT TO 100 OTHER
STAR SYSTEMS. WITHIN ONE TENTH GALACTIC ROTATION YOU WILL RECEIVE
ENOUGH HYDROGREN TO POWER YOUR CIVILIZATION UNTIL ENTROPY REACHES ITS
MAXIMUM! IT REALLY WORKS!
/// Bram Moolenaar -- [EMAIL PROTECTED] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ download, build and distribute -- http://www.A-A-P.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
--~--~---------~--~----~------------~-------~--~----~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~----------~----~----~----~------~----~------~--~---
