mirror of
https://github.com/neovim/neovim.git
synced 2024-12-29 14:41:06 -07:00
7bf0963d48
Problem: runtime files may execute code in current dir
Solution: only execute, if not run from current directory
The perl, zig and ruby filetype plugins and the zip and gzip autoload
plugins may try to load malicious executable files from the current
working directory. This is especially a problem on windows, where the
current directory is implicitly in your $PATH and windows may even run a
file with the extension `.bat` because of $PATHEXT.
So make sure that we are not trying to execute a file from the current
directory. If this would be the case, error out (for the zip and gzip)
plugins or silently do not run those commands (for the ftplugins).
This assumes, that only the current working directory is bad. For all
other directories, it is assumed that those directories were
intentionally set to the $PATH by the user.
|
||
|---|---|---|
| .. | ||
| provider | ||
| remote | ||
| xml | ||
| zig | ||
| ada.vim | ||
| adacomplete.vim | ||
| bitbake.vim | ||
| ccomplete.lua | ||
| ccomplete.vim | ||
| clojurecomplete.vim | ||
| context.vim | ||
| contextcomplete.vim | ||
| csscomplete.vim | ||
| decada.vim | ||
| freebasic.vim | ||
| gnat.vim | ||
| gzip.vim | ||
| haskellcomplete.vim | ||
| health.vim | ||
| htmlcomplete.vim | ||
| javascriptcomplete.vim | ||
| msgpack.vim | ||
| netrw_gitignore.vim | ||
| netrw.vim | ||
| netrwFileHandlers.vim | ||
| netrwSettings.vim | ||
| paste.vim | ||
| phpcomplete.vim | ||
| provider.vim | ||
| python3complete.vim | ||
| python.vim | ||
| pythoncomplete.vim | ||
| README.txt | ||
| RstFold.vim | ||
| rubycomplete.vim | ||
| rust.vim | ||
| rustfmt.vim | ||
| shada.vim | ||
| spellfile.vim | ||
| sqlcomplete.vim | ||
| syntaxcomplete.vim | ||
| tar.vim | ||
| tohtml.vim | ||
| tutor.vim | ||
| vimexpect.vim | ||
| xmlcomplete.vim | ||
| xmlformat.vim | ||
| zip.vim | ||
The autoload directory is for standard Vim autoload scripts. These are functions used by plugins and for general use. They will be loaded automatically when the function is invoked. See ":help autoload". gzip.vim for editing compressed files netrw*.vim browsing (remote) directories and editing remote files tar.vim browsing tar files zip.vim browsing zip files paste.vim common code for mswin.vim, menu.vim and macmap.vim spellfile.vim downloading of a missing spell file Omni completion files: ccomplete.vim C csscomplete.vim HTML / CSS htmlcomplete.vim HTML javascriptcomplete.vim Javascript phpcomplete.vim PHP pythoncomplete.vim Python rubycomplete.vim Ruby syntaxcomplete.vim from syntax highlighting xmlcomplete.vim XML (uses files in the xml directory)