Commit: patch 9.2.0608: popup_setoptions()/ch_setoptions() does not check secure mode
1 view
Skip to first unread message
Christian Brabandt
Jun 9, 2026, 3:15:14 PM (yesterday) Jun 9
to vim...@googlegroups.com
patch 9.2.0608: popup_setoptions()/ch_setoptions() does not check secure mode
Commit: https://github.com/vim/vim/commit/60ebdf7e34687fd7821045268ee4b2b599112413
Author: Christian Brabandt <c...@256bit.org>
Date: Tue Jun 9 19:05:18 2026 +0000
patch 9.2.0608: popup_setoptions()/ch_setoptions() does not check secure mode
Problem: popup_setoptions()/ch_setoptions() does not check
secure/restricted mode
Solution: Add missing checks for check_restricted()/check_secure()
closes: #20456
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/channel.c b/src/channel.c
index 27aa259e2..cfbfcb2be 100644
--- a/src/channel.c
+++ b/src/channel.c
@@ -5927,6 +5927,9 @@ f_ch_setoptions(typval_T *argvars, typval_T *rettv UNUSED)
channel_T *channel;
jobopt_T opt;
+ if (check_restricted() || check_secure())
+ return;
+
if (in_vim9script()
&& (check_for_chan_or_job_arg(argvars, 0) == FAIL
|| check_for_dict_arg(argvars, 1) == FAIL))
diff --git a/src/popupwin.c b/src/popupwin.c
index cae19b908..79ff1b09c 100644
--- a/src/popupwin.c
+++ b/src/popupwin.c
@@ -4491,6 +4491,9 @@ f_popup_setoptions(typval_T *argvars, typval_T *rettv UNUSED)
int need_redraw = FALSE;
int need_reposition = FALSE;
+ if (check_secure())
+ return;
+
if (in_vim9script()
&& (check_for_number_arg(argvars, 0) == FAIL
|| check_for_dict_arg(argvars, 1) == FAIL))
diff --git a/src/testdir/test_popup.vim b/src/testdir/test_popup.vim
index 32b280188..ac394dd2b 100644
--- a/src/testdir/test_popup.vim
+++ b/src/testdir/test_popup.vim
@@ -2632,8 +2632,9 @@ func Test_popup_opacity_move_after_close()
call StopVimInTerminal(buf)
endfunc
-func Test_popup_create_sandbox()
+func Test_popup_sandbox()
call assert_fails('sandbox call popup_create("hello", {})', 'E48:')
+ call assert_fails('sandbox call popup_setoptions(1, {})', 'E48:')
endfunc
" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/testdir/test_restricted.vim b/src/testdir/test_restricted.vim
index 21133089e..1997e20b4 100644
--- a/src/testdir/test_restricted.vim
+++ b/src/testdir/test_restricted.vim
@@ -70,6 +70,7 @@ func Test_restricted_mode()
if has('channel')
call assert_fails("call ch_logfile('Xlog')", 'E145:')
call assert_fails("call ch_open('localhost:8765')", 'E145:')
+ call assert_fails("call ch_setoptions('localhost:8765', {})", 'E145:')
endif
if has('job')
diff --git a/src/version.c b/src/version.c
index e35cb0962..df1311759 100644
--- a/src/version.c
+++ b/src/version.c
@@ -729,6 +729,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 608,
/**/
607,
/**/
Commit: https://github.com/vim/vim/commit/60ebdf7e34687fd7821045268ee4b2b599112413
Author: Christian Brabandt <c...@256bit.org>
Date: Tue Jun 9 19:05:18 2026 +0000
patch 9.2.0608: popup_setoptions()/ch_setoptions() does not check secure mode
Problem: popup_setoptions()/ch_setoptions() does not check
secure/restricted mode
Solution: Add missing checks for check_restricted()/check_secure()
closes: #20456
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/channel.c b/src/channel.c
index 27aa259e2..cfbfcb2be 100644
--- a/src/channel.c
+++ b/src/channel.c
@@ -5927,6 +5927,9 @@ f_ch_setoptions(typval_T *argvars, typval_T *rettv UNUSED)
channel_T *channel;
jobopt_T opt;
+ if (check_restricted() || check_secure())
+ return;
+
if (in_vim9script()
&& (check_for_chan_or_job_arg(argvars, 0) == FAIL
|| check_for_dict_arg(argvars, 1) == FAIL))
diff --git a/src/popupwin.c b/src/popupwin.c
index cae19b908..79ff1b09c 100644
--- a/src/popupwin.c
+++ b/src/popupwin.c
@@ -4491,6 +4491,9 @@ f_popup_setoptions(typval_T *argvars, typval_T *rettv UNUSED)
int need_redraw = FALSE;
int need_reposition = FALSE;
+ if (check_secure())
+ return;
+
if (in_vim9script()
&& (check_for_number_arg(argvars, 0) == FAIL
|| check_for_dict_arg(argvars, 1) == FAIL))
diff --git a/src/testdir/test_popup.vim b/src/testdir/test_popup.vim
index 32b280188..ac394dd2b 100644
--- a/src/testdir/test_popup.vim
+++ b/src/testdir/test_popup.vim
@@ -2632,8 +2632,9 @@ func Test_popup_opacity_move_after_close()
call StopVimInTerminal(buf)
endfunc
-func Test_popup_create_sandbox()
+func Test_popup_sandbox()
call assert_fails('sandbox call popup_create("hello", {})', 'E48:')
+ call assert_fails('sandbox call popup_setoptions(1, {})', 'E48:')
endfunc
" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/testdir/test_restricted.vim b/src/testdir/test_restricted.vim
index 21133089e..1997e20b4 100644
--- a/src/testdir/test_restricted.vim
+++ b/src/testdir/test_restricted.vim
@@ -70,6 +70,7 @@ func Test_restricted_mode()
if has('channel')
call assert_fails("call ch_logfile('Xlog')", 'E145:')
call assert_fails("call ch_open('localhost:8765')", 'E145:')
+ call assert_fails("call ch_setoptions('localhost:8765', {})", 'E145:')
endif
if has('job')
diff --git a/src/version.c b/src/version.c
index e35cb0962..df1311759 100644
--- a/src/version.c
+++ b/src/version.c
@@ -729,6 +729,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 608,
/**/
607,
/**/
Reply all
Reply to author
Forward
0 new messages