patch 9.2.0405: when jumping to tags, will open URLs

author Christian Brabandt <cb@256bit.org>

Mon, 27 Apr 2026 18:40:07 +0000 (18:40 +0000)

committer Christian Brabandt <cb@256bit.org>

Mon, 27 Apr 2026 18:43:10 +0000 (18:43 +0000)
author Christian Brabandt <cb@256bit.org>
Mon, 27 Apr 2026 18:40:07 +0000 (18:40 +0000)
committer Christian Brabandt <cb@256bit.org>
Mon, 27 Apr 2026 18:43:10 +0000 (18:43 +0000)
diff --git a/runtime/doc/tags b/runtime/doc/tags

index 65edb2c31cfd9106422b2984c72ad5f47e5fcccc..6376edad2fe178608c7e4915e1679bc330f929a9 100644 (file)
--- a/runtime/doc/tags
+++ b/runtime/doc/tags
@@ -4778,6 +4778,7 @@ E1572     options.txt     /*E1572*
  E1573  channel.txt     /*E1573*
  E1574  channel.txt     /*E1574*
  E1575  builtin.txt     /*E1575*
+E1576  tagsrch.txt     /*E1576*
  E158   sign.txt        /*E158*
  E159   sign.txt        /*E159*
  E16    cmdline.txt     /*E16*
diff --git a/runtime/doc/tagsrch.txt b/runtime/doc/tagsrch.txt

index eb2cb1b3f9c93186d360f3693b59b09a81ee89bf..cad4caf1a94ad85c06021aad6d9e733bac5a75c4 100644 (file)
--- a/runtime/doc/tagsrch.txt
+++ b/runtime/doc/tagsrch.txt
@@ -579,6 +579,9 @@ ctags).
                 have an absolute or relative path.  It may contain environment
                 variables and wildcards (although the use of wildcards is
                 doubtful).  It cannot contain a <Tab>.
+                                                               *E1576*
+               Using a remote file via network protocol (e.g. using
+               http://remote/file.txt) is not allowed.
  {tagaddress}   The Ex command that positions the cursor on the tag.  It can
                 be any Ex command, although restrictions apply (see
                 |tag-security|).  Posix only allows line numbers and search
diff --git a/src/errors.h b/src/errors.h

index 8ac627af68d2c406e9f89dbeff539cc0bb2d985b..c077118c6d9b2095e87fe98e18484463d9ba0c77 100644 (file)
--- a/src/errors.h
+++ b/src/errors.h
@@ -3809,3 +3809,5 @@ EXTERN char e_gethostbyname_in_channel_listen[]
  EXTERN char e_cannot_create_pipes[]
         INIT(= N_("E1575: Cannot create pipes"));
  #endif
+EXTERN char e_tag_file_entry_must_not_be_url[]
+       INIT(= N_("E1576: Tag file entry must not be a URL"));
diff --git a/src/po/vim.pot b/src/po/vim.pot

index e3206e871264eb1253845509645b236ed3a73527..8f43a89f73ddba329dc8889f11883b95cca06f0f 100644 (file)
--- a/src/po/vim.pot
+++ b/src/po/vim.pot
@@ -8,7 +8,7 @@ msgid ""
  msgstr ""
  "Project-Id-Version: Vim\n"
  "Report-Msgid-Bugs-To: vim-dev@vim.org\n"
-"POT-Creation-Date: 2026-04-21 19:33+0000\n"
+"POT-Creation-Date: 2026-04-27 18:39+0000\n"
  "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
  "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
  "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -8856,6 +8856,9 @@ msgstr ""
  msgid "E1575: Cannot create pipes"
  msgstr ""
  
+msgid "E1576: Tag file entry must not be a URL"
+msgstr ""
+
  #. type of cmdline window or 0
  #. result of cmdline window or 0
  #. buffer of cmdline window or NULL
diff --git a/src/tag.c b/src/tag.c

index e10a837601cf489c7ab8a676ebfcda4bbae4b509..6861a44cf52afe81b9520be84ef0e907c95afa92 100644 (file)
--- a/src/tag.c
+++ b/src/tag.c
@@ -4135,6 +4135,15 @@ expand_tag_fname(char_u *fname, char_u *tag_fname, int expand)
      char_u     *expanded_fname = NULL;
      expand_T   xpc;
  
+    // Refuse to follow URLs from tag files.  Tag entries are expected
+    // to reference local source files; a URL would otherwise be passed
+    // to netrw and trigger a network request.
+    if (path_with_url(fname))
+    {
+       emsg(_(e_tag_file_entry_must_not_be_url));
+       return NULL;
+    }
+
      /*
       * Expand file name (for environment variables) when needed.
       * Disallow backticks, they could execute arbitrary shell
diff --git a/src/testdir/test_tagjump.vim b/src/testdir/test_tagjump.vim

index c0fa7b02e6ecf4297d0030edf8c34bd53964846f..d0e18002bb835e8eaa21aae596c2699f43efd42f 100644 (file)
--- a/src/testdir/test_tagjump.vim
+++ b/src/testdir/test_tagjump.vim
@@ -1715,4 +1715,15 @@ func Test_tag_backtick_filename_not_expanded()
    bwipe!
  endfunc
  
+func Test_tagjump_refuse_url()
+  call writefile([
+        \ "XTagURL\thttp://127.0.0.1:1/$XTAG_SECRET/file.c\t/^int main"
+        \ ], 'Xtags', 'D')
+  let save_tags = &tags
+  set tags=Xtags
+
+  call assert_fails('tag XTagURL', 'E1576:')
+  let &tags = save_tags
+endfunc
+
  " vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/version.c b/src/version.c

index ef0fd8afa25dddb8714ba78927971ccac87b247c..9779964483adaa57d56db0ac5c15f285f746de6b 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -729,6 +729,8 @@ static char *(features[]) =
  
  static int included_patches[] =
  {   /* Add new patch number below this line */
+/**/
+    405,
  /**/
      404,
  /**/
author	Christian Brabandt <cb@256bit.org>
	Mon, 27 Apr 2026 18:40:07 +0000 (18:40 +0000)
committer	Christian Brabandt <cb@256bit.org>
	Mon, 27 Apr 2026 18:43:10 +0000 (18:43 +0000)
runtime/doc/tags		patch \| blob \| blame \| history
runtime/doc/tagsrch.txt		patch \| blob \| blame \| history
src/errors.h		patch \| blob \| blame \| history
src/po/vim.pot		patch \| blob \| blame \| history
src/tag.c		patch \| blob \| blame \| history
src/testdir/test_tagjump.vim		patch \| blob \| blame \| history
src/version.c		patch \| blob \| blame \| history