fix(api): nvim_eval_statusline should validate input #18347

Fix #18112

Make an exception for strings starting with "%!".
This commit is contained in:
deforde 2022-05-15 22:06:23 +02:00 committed by GitHub
parent 19da1071dc
commit 0a3d615b1c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 0 deletions

View File

@ -2276,6 +2276,14 @@ Dictionary nvim_eval_statusline(String str, Dict(eval_statusline) *opts, Error *
bool use_tabline = false; bool use_tabline = false;
bool highlights = false; bool highlights = false;
if (str.size < 2 || memcmp(str.data, "%!", 2)) {
const char *const errmsg = check_stl_option((char_u *)str.data);
if (errmsg) {
api_set_error(err, kErrorTypeValidation, "%s", errmsg);
return result;
}
}
if (HAS_KEY(opts->winid)) { if (HAS_KEY(opts->winid)) {
if (opts->winid.type != kObjectTypeInteger) { if (opts->winid.type != kObjectTypeInteger) {
api_set_error(err, kErrorTypeValidation, "winid must be an integer"); api_set_error(err, kErrorTypeValidation, "winid must be an integer");

View File

@ -3044,6 +3044,10 @@ describe('API', function()
eq('fillchar must be a single character', eq('fillchar must be a single character',
pcall_err(meths.eval_statusline, '', { fillchar = 1 })) pcall_err(meths.eval_statusline, '', { fillchar = 1 }))
end) end)
it('rejects invalid string', function()
eq('E539: Illegal character <}>',
pcall_err(meths.eval_statusline, '%{%}', {}))
end)
describe('highlight parsing', function() describe('highlight parsing', function()
it('works', function() it('works', function()
eq({ eq({