patch 9.2.0608: popup_setoptions()/ch_setoptions() does not check secure mode
Commit: https://github.com/vim/vim/commit/60ebdf7e34687fd7821045268ee4b2b599112413 Author: Christian Brabandt <[email protected]> Date: Tue Jun 9 19:05:18 2026 +0000 patch 9.2.0608: popup_setoptions()/ch_setoptions() does not check secure mode Problem: popup_setoptions()/ch_setoptions() does not check secure/restricted mode Solution: Add missing checks for check_restricted()/check_secure() closes: #20456 Signed-off-by: Christian Brabandt <[email protected]> diff --git a/src/channel.c b/src/channel.c index 27aa259e2..cfbfcb2be 100644 --- a/src/channel.c +++ b/src/channel.c @@ -5927,6 +5927,9 @@ f_ch_setoptions(typval_T *argvars, typval_T *rettv UNUSED) channel_T *channel; jobopt_T opt; + if (check_restricted() || check_secure()) + return; + if (in_vim9script() && (check_for_chan_or_job_arg(argvars, 0) == FAIL || check_for_dict_arg(argvars, 1) == FAIL)) diff --git a/src/popupwin.c b/src/popupwin.c index cae19b908..79ff1b09c 100644 --- a/src/popupwin.c +++ b/src/popupwin.c @@ -4491,6 +4491,9 @@ f_popup_setoptions(typval_T *argvars, typval_T *rettv UNUSED) int need_redraw = FALSE; int need_reposition = FALSE; + if (check_secure()) + return; + if (in_vim9script() && (check_for_number_arg(argvars, 0) == FAIL || check_for_dict_arg(argvars, 1) == FAIL)) diff --git a/src/testdir/test_popup.vim b/src/testdir/test_popup.vim index 32b280188..ac394dd2b 100644 --- a/src/testdir/test_popup.vim +++ b/src/testdir/test_popup.vim @@ -2632,8 +2632,9 @@ func Test_popup_opacity_move_after_close() call StopVimInTerminal(buf) endfunc -func Test_popup_create_sandbox() +func Test_popup_sandbox() call assert_fails('sandbox call popup_create("hello", {})', 'E48:') + call assert_fails('sandbox call popup_setoptions(1, {})', 'E48:') endfunc " vim: shiftwidth=2 sts=2 expandtab diff --git a/src/testdir/test_restricted.vim b/src/testdir/test_restricted.vim index 21133089e..1997e20b4 100644 --- a/src/testdir/test_restricted.vim +++ b/src/testdir/test_restricted.vim @@ -70,6 +70,7 @@ func Test_restricted_mode() if has('channel') call assert_fails("call ch_logfile('Xlog')", 'E145:') call assert_fails("call ch_open('localhost:8765')", 'E145:') + call assert_fails("call ch_setoptions('localhost:8765', {})", 'E145:') endif if has('job') diff --git a/src/version.c b/src/version.c index e35cb0962..df1311759 100644 --- a/src/version.c +++ b/src/version.c @@ -729,6 +729,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ +/**/ + 608, /**/ 607, /**/ -- -- You received this message from the "vim_dev" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php --- You received this message because you are subscribed to the Google Groups "vim_dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/vim_dev/E1wX1uj-006gS3-Rl%40256bit.org.
