From: Christian Brabandt <cb@256bit.org>
Date: Mon, 27 Apr 2026 18:29:33 +0000 (+0000)
Subject: patch 9.2.0404: redraw_listener_add() does not check secure flag
X-Git-Tag: v9.2.0404^0
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3958188f6aace8f828a36f8886e99c6a64fedcf1;p=thirdparty%2Fvim.git

patch 9.2.0404: redraw_listener_add() does not check secure flag

Problem:  redraw_listener_add() does not check secure flag
Solution: Check for check_secure() in f_redraw_listener_add()

closes: #20070

Signed-off-by: Christian Brabandt <cb@256bit.org>
---

diff --git a/runtime/doc/builtin.txt b/runtime/doc/builtin.txt
index 371de4b2c6..67ebc70f94 100644
--- a/runtime/doc/builtin.txt
+++ b/runtime/doc/builtin.txt
@@ -1,4 +1,4 @@
-*builtin.txt*	For Vim version 9.2.  Last change: 2026 Apr 26
+*builtin.txt*	For Vim version 9.2.  Last change: 2026 Apr 27
 
 
 		  VIM REFERENCE MANUAL	  by Bram Moolenaar
@@ -6863,6 +6863,8 @@ listener_add({callback} [, {buf} [, {unbuffered}]])	*listener_add()*
 		second argument: >
 			GetBuffer()->listener_add(callback)
 <
+		This function is not available in the |sandbox|.
+
 		Return type: |Number|
 
 
@@ -6877,6 +6879,8 @@ listener_flush([{buf}])					*listener_flush()*
 		Can also be used as a |method|: >
 			GetBuffer()->listener_flush()
 <
+		This function is not available in the |sandbox|.
+
 		Return type: void
 
 
@@ -6888,6 +6892,8 @@ listener_remove({id})					*listener_remove()*
 		Can also be used as a |method|: >
 			GetListenerId()->listener_remove()
 <
+		This function is not available in the |sandbox|.
+
 		Return type: |Number|
 
 
@@ -8867,6 +8873,8 @@ redraw_listener_add({opts})				*redraw_listener_add()*
 		Can also be used as a |method|: >
 			GetOpts()->redraw_listener_add()
 <
+		This function is not available in the |sandbox|.
+
 		Return type: |Number|
 
 
diff --git a/src/drawscreen.c b/src/drawscreen.c
index 2f36f4f5a0..702d686aba 100644
--- a/src/drawscreen.c
+++ b/src/drawscreen.c
@@ -3506,6 +3506,9 @@ f_redraw_listener_add(typval_T *argvars, typval_T *rettv)
     bool		got_one = false;
     static int		id;
 
+    if (check_secure())
+	return;
+
     if (redraw_cb_in_progress)
     {
 	emsg(_(e_cannot_add_redraw_listener_in_listener_callback));
diff --git a/src/testdir/test_listener.vim b/src/testdir/test_listener.vim
index 8cbd15377a..6b91e8d046 100644
--- a/src/testdir/test_listener.vim
+++ b/src/testdir/test_listener.vim
@@ -801,4 +801,15 @@ func Test_listener_blockwise_paste()
   bwipe!
 endfunc
 
+func Test_listener_add_in_sandbox()
+  call assert_fails(
+    \ 'sandbox call redraw_listener_add({"on_start": function("tr")})',
+    \ 'E48:')
+  call assert_fails(
+    \ 'sandbox call listener_add({"on_start": function("tr")})',
+    \ 'E48:')
+  call assert_fails('sandbox call listener_flush()', 'E48:')
+  call assert_fails('sandbox call listener_remove(1)', 'E48:')
+endfunc
+
 " vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/version.c b/src/version.c
index 72f88365f5..ef0fd8afa2 100644
--- a/src/version.c
+++ b/src/version.c
@@ -729,6 +729,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    404,
 /**/
     403,
 /**/