Commit: patch 9.2.0177: Vim9: Can set environment variables in restricted mode
1 view
Skip to first unread message
Christian Brabandt
Mar 16, 2026, 5:32:02 PM (7 days ago) Mar 16
to vim...@googlegroups.com
patch 9.2.0177: Vim9: Can set environment variables in restricted mode
Commit: https://github.com/vim/vim/commit/36d0022b3ba5210103f6ebea2ab53f29966399c4
Author: pyllyukko <pyll...@maimed.org>
Date: Mon Mar 16 21:19:08 2026 +0000
patch 9.2.0177: Vim9: Can set environment variables in restricted mode
Problem: Vim9: Can set environment variables in restricted mode
Solution: Disallow settings variables in exec_instructions() when in
restricted mode (pyllyukko)
related: #13394
closes: #19705
Signed-off-by: pyllyukko <pyll...@maimed.org>
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/testdir/test_restricted.vim b/src/testdir/test_restricted.vim
index aa7dc857e..71a0515e9 100644
--- a/src/testdir/test_restricted.vim
+++ b/src/testdir/test_restricted.vim
@@ -138,4 +138,26 @@ func Test_restricted_diff()
call delete('Xresult')
endfunc
+func Test_restricted_vim9_env()
+ let lines =<< trim END
+ vim9script
+ def SetEnv()
+ $ENV = '123'
+ enddef
+ var result = 'okay'
+ try
+ SetEnv()
+ catch /^Vim\%((\S\+)\)\=:E145:/
+ result = 'not-allowed'
+ endtry
+ writefile([result], 'XResult_env')
+ qa!
+ END
+ call writefile(lines, 'Xrestrictedvim9', 'D')
+ if RunVim([], [], '-Z --clean -S Xrestrictedvim9')
+ call assert_equal(['not-allowed'], readfile('XResult_env'))
+ endif
+ call delete('XResult_env')
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/version.c b/src/version.c
index eff06e5c9..15d8a4d69 100644
--- a/src/version.c
+++ b/src/version.c
@@ -734,6 +734,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 177,
/**/
176,
/**/
diff --git a/src/vim9execute.c b/src/vim9execute.c
index 76d160cd9..f7d0cc3c3 100644
--- a/src/vim9execute.c
+++ b/src/vim9execute.c
@@ -4458,6 +4458,8 @@ exec_instructions(ectx_T *ectx)
// store $ENV
case ISN_STOREENV:
+ if (check_restricted())
+ goto theend;
--ectx->ec_stack.ga_len;
tv = STACK_TV_BOT(0);
vim_setenv_ext(iptr->isn_arg.string, tv_get_string(tv));
Commit: https://github.com/vim/vim/commit/36d0022b3ba5210103f6ebea2ab53f29966399c4
Author: pyllyukko <pyll...@maimed.org>
Date: Mon Mar 16 21:19:08 2026 +0000
patch 9.2.0177: Vim9: Can set environment variables in restricted mode
Problem: Vim9: Can set environment variables in restricted mode
Solution: Disallow settings variables in exec_instructions() when in
restricted mode (pyllyukko)
related: #13394
closes: #19705
Signed-off-by: pyllyukko <pyll...@maimed.org>
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/testdir/test_restricted.vim b/src/testdir/test_restricted.vim
index aa7dc857e..71a0515e9 100644
--- a/src/testdir/test_restricted.vim
+++ b/src/testdir/test_restricted.vim
@@ -138,4 +138,26 @@ func Test_restricted_diff()
call delete('Xresult')
endfunc
+func Test_restricted_vim9_env()
+ let lines =<< trim END
+ vim9script
+ def SetEnv()
+ $ENV = '123'
+ enddef
+ var result = 'okay'
+ try
+ SetEnv()
+ catch /^Vim\%((\S\+)\)\=:E145:/
+ result = 'not-allowed'
+ endtry
+ writefile([result], 'XResult_env')
+ qa!
+ END
+ call writefile(lines, 'Xrestrictedvim9', 'D')
+ if RunVim([], [], '-Z --clean -S Xrestrictedvim9')
+ call assert_equal(['not-allowed'], readfile('XResult_env'))
+ endif
+ call delete('XResult_env')
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/version.c b/src/version.c
index eff06e5c9..15d8a4d69 100644
--- a/src/version.c
+++ b/src/version.c
@@ -734,6 +734,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 177,
/**/
176,
/**/
diff --git a/src/vim9execute.c b/src/vim9execute.c
index 76d160cd9..f7d0cc3c3 100644
--- a/src/vim9execute.c
+++ b/src/vim9execute.c
@@ -4458,6 +4458,8 @@ exec_instructions(ectx_T *ectx)
// store $ENV
case ISN_STOREENV:
+ if (check_restricted())
+ goto theend;
--ectx->ec_stack.ga_len;
tv = STACK_TV_BOT(0);
vim_setenv_ext(iptr->isn_arg.string, tv_get_string(tv));
Reply all
Reply to author
Forward
0 new messages