On Sat, Jan 2, 2016 at 4:53 PM, Tim Chase <[email protected]> wrote: > On 2016-01-02 16:06, Bram Moolenaar wrote: >> I believe $UID is a shell variable (bash only?) which is not >> exported. Thus Vim doesn't get it. When using expand() the shell >> is used to expand the variable, thus then you do get it. > > Okay, that makes sense...though does that then make expand() a > potential vector for shell exploits if it's being called with an > untrusted string? > > -tim
Hm, hard to think of how. If you type echo "get my $FOO at the $BAR please", or echo for any other untrusted double-quoted string, at the shell prompt, could it cause an exploit? Best regards, Tony. -- -- You received this message from the "vim_use" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php --- You received this message because you are subscribed to the Google Groups "vim_use" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
