patch 9.2.0272: [security]: 'tabpanel' can be set in a modeline

author Christian Brabandt <cb@256bit.org>

Mon, 30 Mar 2026 08:20:43 +0000 (08:20 +0000)

committer Christian Brabandt <cb@256bit.org>

Mon, 30 Mar 2026 08:50:10 +0000 (08:50 +0000)
author Christian Brabandt <cb@256bit.org>
Mon, 30 Mar 2026 08:20:43 +0000 (08:20 +0000)
committer Christian Brabandt <cb@256bit.org>
Mon, 30 Mar 2026 08:50:10 +0000 (08:50 +0000)
diff --git a/src/autocmd.c b/src/autocmd.c

index e6b6ecbe01467af74418cddeb9a84de79a7fb85b..8fe51dc92f533559a7384dbadc327d0841824be0 100644 (file)
--- a/src/autocmd.c
+++ b/src/autocmd.c
@@ -3061,6 +3061,9 @@ autocmd_add_or_delete(typval_T *argvars, typval_T *rettv, int delete)
      rettv->v_type = VAR_BOOL;
      rettv->vval.v_number = VVAL_FALSE;
  
+    if (check_restricted() || check_secure())
+       return;
+
      if (check_for_list_arg(argvars, 0) == FAIL)
         return;
  
diff --git a/src/optiondefs.h b/src/optiondefs.h

index 33d0a711032a135428e3c0ae4241dcd8fdf6b20b..ca2795a364b665858a7d5581031be2cf73b41e4b 100644 (file)
--- a/src/optiondefs.h
+++ b/src/optiondefs.h
@@ -2578,7 +2578,7 @@ static struct vimoption options[] =
                             (char_u *)&p_tpm, PV_NONE, NULL, NULL,
                             {(char_u *)10L, (char_u *)0L} SCTX_INIT},
  #if defined(FEAT_TABPANEL)
-    {"tabpanel",  "tpl",    P_STRING|P_VI_DEF|P_RALL,
+    {"tabpanel",  "tpl",    P_STRING|P_VI_DEF|P_RALL|P_MLE,
                             (char_u *)&p_tpl, PV_NONE, NULL, NULL,
                             {(char_u *)"", (char_u *)0L} SCTX_INIT},
      {"tabpanelopt","tplo",  P_STRING|P_ALLOCED|P_VI_DEF|P_ONECOMMA|P_COLON
diff --git a/src/testdir/test_autocmd.vim b/src/testdir/test_autocmd.vim

index b18e29f0579fc9a3e5c97d95b38eea5d76911bbc..592dd4715098bc9c691fac9e89d0a11a4883307d 100644 (file)
--- a/src/testdir/test_autocmd.vim
+++ b/src/testdir/test_autocmd.vim
@@ -5962,4 +5962,9 @@ func Test_SwapExists_b_nwindows()
    %bw!
  endfunc
  
+func Test_autocmd_add_secure()
+  call assert_fails('sandbox call autocmd_add([{"event": "BufRead", "cmd": "let x = 1"}])', 'E48:')
+  call assert_fails('sandbox call autocmd_delete([{"event": "BufRead"}])', 'E48:')
+endfunc
+
  " vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/testdir/test_tabpanel.vim b/src/testdir/test_tabpanel.vim

index 556cc3b834ec3f3e1b1e8ee674e437b112a913fa..4837a643d50f619341ea7354d49d00484ba13b05 100644 (file)
--- a/src/testdir/test_tabpanel.vim
+++ b/src/testdir/test_tabpanel.vim
@@ -872,4 +872,19 @@ function Test_tabpanel_showtabpanel_via_cmd_arg()
    set showtabpanel& noruler&
  endfunc
  
+func Test_tabpanel_no_modeline()
+  let _tpl = &tabpanel
+  let _mls = &modelineexpr
+
+  set nomodelineexpr
+  setlocal modeline
+  new
+  call writefile(['/* vim: set tabpanel=test: */'], 'Xtabpanel.txt', 'D')
+  call assert_fails(':e Xtabpanel.txt', 'E992:')
+
+  let &tabpanel = _tpl
+  let &modelineexpr = _mls
+  bw!
+endfunc
+
  " vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/version.c b/src/version.c

index 6c60c9dc23868bf0054c4a662c172297d8363703..7ea6b064f6159f5b74d30a114ce31212a9bda3ab 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -734,6 +734,8 @@ static char *(features[]) =
  
  static int included_patches[] =
  {   /* Add new patch number below this line */
+/**/
+    272,
  /**/
      271,
  /**/
author	Christian Brabandt <cb@256bit.org>
	Mon, 30 Mar 2026 08:20:43 +0000 (08:20 +0000)
committer	Christian Brabandt <cb@256bit.org>
	Mon, 30 Mar 2026 08:50:10 +0000 (08:50 +0000)
src/autocmd.c		patch \| blob \| blame \| history
src/optiondefs.h		patch \| blob \| blame \| history
src/testdir/test_autocmd.vim		patch \| blob \| blame \| history
src/testdir/test_tabpanel.vim		patch \| blob \| blame \| history
src/version.c		patch \| blob \| blame \| history