neovim/runtime/autoload/dist/vim.vim
Christian Clason 26cdff0e92 vim-patch:cd8a3eaf5348
runtime(dist): centralize safe executable check and add vim library (vim/vim#13413)

Follow up to 816fbcc26 (patch 9.0.1833: [security] runtime file fixes,
2023-08-31) and f7ac0ef50 (runtime: don't execute external commands when
loading ftplugins, 2023-09-06).

This puts the logic for safe executable checks in a single place, by introducing
a central vim library, so all filetypes benefit from consistency.

Notable changes:
- dist#vim because the (autoload) namespace for a new runtime support
  library. Supporting functions should get documentation. It might make
  life easier for NeoVim devs to make the documentation a new file
  rather than cram it into existing files, though we may want
  cross-references to it somewhere…
- The gzip and zip plugins need to be opted into by enabling execution
  of those programs (or the global plugin_exec). This needs
  documentation or discussion.
- This fixes a bug in the zig plugin: code setting s:tmp_cwd was removed
  in f7ac0ef50 (runtime: don't execute external commands when loading
  ftplugins, 2023-09-06), but the variable was still referenced. Since
  the new function takes care of that automatically, the variable is no
  longer needed.

cd8a3eaf53

Co-authored-by: D. Ben Knoble <ben.knoble+github@gmail.com>
2023-11-05 21:52:02 +01:00

18 lines
524 B
VimL

vim9script
# Vim runtime support library
#
# Maintainer: The Vim Project <https://github.com/vim/vim>
# Last Change: 2023 Oct 25
export def IsSafeExecutable(filetype: string, executable: string): bool
var cwd = getcwd()
return get(g:, filetype .. '_exec', get(g:, 'plugin_exec', 0))
&& (fnamemodify(exepath(executable), ':p:h') !=# cwd
|| (split($PATH, has('win32') ? ';' : ':')->index(cwd) != -1
&& cwd != '.'))
enddef
# Uncomment this line to check for compilation errors early
# defcompile