patch 9.2.0156: perleval() and rubyeval() ignore security settings
Commit:
https://github.com/vim/vim/commit/fba75cad9afd4bc5beb8acb0a7436c78c61b1214
Author: pyllyukko <[email protected]>
Date: Fri Mar 13 21:15:44 2026 +0000
patch 9.2.0156: perleval() and rubyeval() ignore security settings
Problem: perleval() and rubyeval() ignore security settings
Solution: Disable those functions in restricted (-Z) or 'secure' mode
(pyllyukko).
closes: #19664
Signed-off-by: pyllyukko <[email protected]>
Signed-off-by: Christian Brabandt <[email protected]>
diff --git a/src/evalfunc.c b/src/evalfunc.c
index 9b7008415..6d40794c0 100644
--- a/src/evalfunc.c
+++ b/src/evalfunc.c
@@ -9895,6 +9895,9 @@ f_perleval(typval_T *argvars, typval_T *rettv)
char_u *str;
char_u buf[NUMBUFLEN];
+ if (check_restricted() || check_secure())
+ return;
+
if (in_vim9script() && check_for_string_arg(argvars, 0) == FAIL)
return;
@@ -10824,6 +10827,9 @@ f_rubyeval(typval_T *argvars, typval_T *rettv)
char_u *str;
char_u buf[NUMBUFLEN];
+ if (check_restricted() || check_secure())
+ return;
+
if (in_vim9script() && check_for_string_arg(argvars, 0) == FAIL)
return;
diff --git a/src/version.c b/src/version.c
index c9de55cde..3676c461b 100644
--- a/src/version.c
+++ b/src/version.c
@@ -734,6 +734,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 156,
/**/
155,
/**/
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/vim_dev/E1w1A56-003xmQ-5z%40256bit.org.
