I am wondering what you mean by “Vim”. If it is terminal Vim *and*
`<C-S-v>` is handled by the terminal itself (most likely, terminal Vim
cannot distinguish `<C-v>` and `<C-S-v>` because terminals send the same
byte in both variants), then whether or not this is fixable depends on
whether or not the terminal supports bracketed paste mode: if it does,
this can be fixed, otherwise it cannot. In addition to this there is a
question whether pasted text can prematurely end paste mode itself; if
it can, then this is a terminal vulnerability and not Vim's. Without
terminal bracketed paste support all Vim sees is that the “user is typing
very fast”; it cannot and should not prevent code in the paste from being
executed: it is completely possible that Vim is being fed input from
e.g. some testing script (and I actually did something like this
myself).
*Vim* paste mode is utterly useless regarding the matter: it allows
escaping from insert mode just by `<Esc>`, so there is still a problem
if Vim cannot distinguish paste and input.
Note that any kind of pasting to GUI Vim should not be vulnerable, or
it is a fixable bug.
I personally use `"*p` or `"+p`. Pasting like this should not be
vulnerable with any kind of Vim UI. Basically, if you want to paste
something into Vim you should make *Vim* take care of obtaining the
clipboard; `<C-S-v>` directs the terminal. I have no idea why `:r !cat` is
vulnerable; my best guess is that if there is `<C-d>` in the paste then it
will end `cat` prematurely. Worse, while Vim telling the terminal that it
can receive bracketed pastes is completely justified, Vim must not
assume that programs run with bang are also able to receive bracketed
pastes, so for `r !command` Vim should tell the terminal “bracketed paste
can no longer be received” and `command` should again request
bracketed paste mode to receive bracketed pastes.
`<C-r>=system(…)` suggested by Marc Weber *must be* vulnerable; it is
the whole point of `<C-r>`. Literal pasting is `p` from normal mode
and `<C-r><C-r>` from insert mode, though I never used the latter
(`<C-r><C-r>+` and `<C-r><C-r>*` should not be vulnerable either).
And, please, do not write `:r! cat`, this is highly misleading. Bang
here is not a command modifier, it is the start of the argument: use
`:r !cat`. The difference is that if it were a command modifier then the
proper spelling of `:read ++enc=cp1251 !echo «»` would be `read! ++enc=cp1251
echo «»`; also, `:r !cat` looks more like `:!cat` than `:r! cat`,
and these are related.
(BTW, why does `:read ++enc=cp1251 !echo «»` not yield the same result
as `:read !echo «» | iconv -f cp1251`?)
> --
> You received this message from the "vim_dev" maillist.
> Do not top-post! Type your reply below the text you are replying to.
> For more information, visit http://www.vim.org/maillist.php
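An added example (my own model, not code from this thread or from Vim) of the three situations the message separates: a paste without bracketed paste mode that the editor cannot tell from fast typing, a bracketed paste that stays literal, and a pasted text carrying the end marker that the terminal must neutralise or else the paste escapes the bracket. The function names, the `strip_embedded_end` switch and the clipboard content are assumptions; the `ESC [200~` / `ESC [201~` markers are the standard xterm ones.

```python
from typing import List, Tuple

# Standard xterm bracketed-paste markers the terminal puts around a paste.
PASTE_START = "\x1b[200~"
PASTE_END = "\x1b[201~"
ESC = "\x1b"

def terminal_paste(clipboard: str, bracketed: bool, strip_embedded_end: bool = True) -> str:
    """Model of what a terminal writes to the pty when the user presses <C-S-v>.

    Without bracketed paste the bytes look exactly like fast typing. With it,
    a careful terminal must also drop an embedded end marker, otherwise the
    pasted text closes the bracket early (a terminal bug, not an editor bug).
    """
    if not bracketed:
        return clipboard
    body = clipboard.replace(PASTE_END, "") if strip_embedded_end else clipboard
    return PASTE_START + body + PASTE_END

def split_input(stream: str) -> List[Tuple[str, str]]:
    """Editor side: label each run of bytes as 'typed' (keys) or 'pasted' (literal)."""
    segments: List[Tuple[str, str]] = []
    pos = 0
    while pos < len(stream):
        start = stream.find(PASTE_START, pos)
        if start == -1:
            segments.append(("typed", stream[pos:]))
            break
        if start > pos:
            segments.append(("typed", stream[pos:start]))
        body_start = start + len(PASTE_START)
        end = stream.find(PASTE_END, body_start)
        if end == -1:  # unterminated paste: keep treating the rest as literal text
            segments.append(("pasted", stream[body_start:]))
            break
        segments.append(("pasted", stream[body_start:end]))
        pos = end + len(PASTE_END)
    return segments

def typed_contains_esc(segments: List[Tuple[str, str]]) -> bool:
    """True if an <Esc> would be interpreted as a key, i.e. could leave insert mode."""
    return any(ESC in text for kind, text in segments if kind == "typed")

# Constructed clipboard content: text, then <Esc> and a harmless Ex command,
# with an embedded end marker that tries to terminate the bracket prematurely.
CLIPBOARD = "hello" + PASTE_END + ESC + ":echo 'pasted'\r"
```

Only the bracketed paste from a terminal that strips the embedded marker keeps the whole clipboard in the `pasted` segment; the other two cases hand the `<Esc>` to the editor as a keypress.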