patch 9.2.0608: popup_setoptions()/ch_setoptions() does not check secure mode

Problem:  popup_setoptions()/ch_setoptions() does not check
          secure/restricted mode
Solution: Add missing checks for check_restricted()/check_secure()

closes: #20456

Signed-off-by: Christian Brabandt <cb@256bit.org>

diff --git a/src/channel.c b/src/channel.c
index 27aa259e2b69751f0bc823a536c7810090cc9289..cfbfcb2bec95cedc114e041643c79a92af52f455 100644 (file)
--- a/src/channel.c
+++ b/src/channel.c
@@ -5927,6 +5927,9 @@ f_ch_setoptions(typval_T *argvars, typval_T *rettv UNUSED)
     channel_T  *channel;
     jobopt_T   opt;
 
+    if (check_restricted() || check_secure())
+       return;
+
     if (in_vim9script()
            && (check_for_chan_or_job_arg(argvars, 0) == FAIL
                || check_for_dict_arg(argvars, 1) == FAIL))

diff --git a/src/popupwin.c b/src/popupwin.c
index cae19b908d9fdf2b5ddfffa1c66944a92ec43c58..79ff1b09cc8e8faf199cd661861faf03a66107c7 100644 (file)
--- a/src/popupwin.c
+++ b/src/popupwin.c
@@ -4491,6 +4491,9 @@ f_popup_setoptions(typval_T *argvars, typval_T *rettv UNUSED)
     int                need_redraw = FALSE;
     int                need_reposition = FALSE;
 
+    if (check_secure())
+       return;
+
     if (in_vim9script()
            && (check_for_number_arg(argvars, 0) == FAIL
                || check_for_dict_arg(argvars, 1) == FAIL))

diff --git a/src/testdir/test_popup.vim b/src/testdir/test_popup.vim
index 32b2801888ab65339121b3e355683a2db64c845e..ac394dd2b6a435150ccc2c41b8d3a53a8337437d 100644 (file)
--- a/src/testdir/test_popup.vim
+++ b/src/testdir/test_popup.vim
@@ -2632,8 +2632,9 @@ func Test_popup_opacity_move_after_close()
   call StopVimInTerminal(buf)
 endfunc
 
-func Test_popup_create_sandbox()
+func Test_popup_sandbox()
   call assert_fails('sandbox call popup_create("hello", {})', 'E48:')
+  call assert_fails('sandbox call popup_setoptions(1, {})', 'E48:')
 endfunc
 
 " vim: shiftwidth=2 sts=2 expandtab

diff --git a/src/testdir/test_restricted.vim b/src/testdir/test_restricted.vim
index 21133089eeaadabfa924a1e923e7ea71733eb2cb..1997e20b4f3277ae047497864b0632557158a73a 100644 (file)
--- a/src/testdir/test_restricted.vim
+++ b/src/testdir/test_restricted.vim
@@ -70,6 +70,7 @@ func Test_restricted_mode()
     if has('channel')
       call assert_fails("call ch_logfile('Xlog')", 'E145:')
       call assert_fails("call ch_open('localhost:8765')", 'E145:')
+      call assert_fails("call ch_setoptions('localhost:8765', {})", 'E145:')
     endif
 
     if has('job')

diff --git a/src/version.c b/src/version.c
index e35cb0962d4e7711c08d19313f024f0bbedf7b72..df1311759e4061545bb41b041c47e9cbd4a7fb48 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -729,6 +729,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    608,
 /**/
     607,
 /**/