Commit: patch 9.2.0568: pythoncomplete: g:pythoncomplete_allow_import had no effect
4 views
Skip to first unread message
Christian Brabandt
May 31, 2026, 8:45:14 AM (yesterday) May 31
to vim...@googlegroups.com
patch 9.2.0568: pythoncomplete: g:pythoncomplete_allow_import had no effect
Commit: https://github.com/vim/vim/commit/868ad62cb8bf8038322eab2badd31bd98b02b9df
Author: thinca <thi...@gmail.com>
Date: Sun May 31 12:33:07 2026 +0000
patch 9.2.0568: pythoncomplete: g:pythoncomplete_allow_import had no effect
Problem: The security patch 9.2.0561 added a vim.eval() call inside
Completer.evalsource() to honor g:pythoncomplete_allow_import.
But the 'vim' module is only imported inside the outer
vimcomplete() / vimpy3complete() function, not at the script's
top level, so referring to it from a Completer method raises
NameError. The surrounding bare 'except' silently swallows
the error and leaves allow_imports at 0, meaning the opt-in
never takes effect -- 'import os' (and any other
buffer-level import) is always skipped, no candidates are
produced for 'os.<...>' and
Test_popup_and_preview_autocommand() fails on the Windows
CI matrix (Linux skips the test because Python 2 is absent).
Solution: Re-import 'vim' at the top of evalsource() in both
pythoncomplete.vim and python3complete.vim so the eval reads
the global, and set g:pythoncomplete_allow_import = 1 in the
test (it is the opt-in intended for callers that trust the
buffer contents) (thinca).
closes: #20386
Signed-off-by: thinca <thi...@gmail.com>
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/runtime/autoload/python3complete.vim b/runtime/autoload/python3complete.vim
index 2b6a65252..0cbfc02ab 100644
--- a/runtime/autoload/python3complete.vim
+++ b/runtime/autoload/python3complete.vim
@@ -135,6 +135,9 @@ class Completer(object):
self.parser = PyParser()
def evalsource(self,text,line=0):
+ # vim is imported locally in vimpy3complete(); re-import here so the
+ # vim.eval() below works (otherwise NameError, silently caught).
+ import vim
sc = self.parser.parse(text,line)
try: allow_imports = int(
vim.eval("get(g:, 'pythoncomplete_allow_import', 0)"))
diff --git a/runtime/autoload/pythoncomplete.vim b/runtime/autoload/pythoncomplete.vim
index 10147767e..b4340f7ae 100644
--- a/runtime/autoload/pythoncomplete.vim
+++ b/runtime/autoload/pythoncomplete.vim
@@ -149,6 +149,9 @@ class Completer(object):
self.parser = PyParser()
def evalsource(self,text,line=0):
+ # vim is imported locally in vimcomplete(); re-import here so the
+ # vim.eval() below works (otherwise NameError, silently caught).
+ import vim
sc = self.parser.parse(text,line)
try: allow_imports = int(
vim.eval("get(g:, 'pythoncomplete_allow_import', 0)"))
diff --git a/src/testdir/test_popup.vim b/src/testdir/test_popup.vim
index adead6bac..cf9cbe166 100644
--- a/src/testdir/test_popup.vim
+++ b/src/testdir/test_popup.vim
@@ -723,6 +723,9 @@ func Test_popup_and_preview_autocommand()
au!
au BufAdd * nested tab sball
augroup END
+ " Let pythoncomplete follow the buffer's 'import os' (off by default
+ " since v9.2.0561) so 'os.' can be completed.
+ let g:pythoncomplete_allow_import = 1
set omnifunc=pythoncomplete#Complete
call setline(1, 'import os')
" make the line long
@@ -745,6 +748,7 @@ func Test_popup_and_preview_autocommand()
augroup END
augroup! MyBufAdd
bw!
+ unlet g:pythoncomplete_allow_import
endfunc
func s:run_popup_and_previewwindow_dump(lines, dumpfile)
diff --git a/src/version.c b/src/version.c
index 56ebd6f0c..d9815be70 100644
--- a/src/version.c
+++ b/src/version.c
@@ -729,6 +729,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 568,
/**/
567,
/**/
Commit: https://github.com/vim/vim/commit/868ad62cb8bf8038322eab2badd31bd98b02b9df
Author: thinca <thi...@gmail.com>
Date: Sun May 31 12:33:07 2026 +0000
patch 9.2.0568: pythoncomplete: g:pythoncomplete_allow_import had no effect
Problem: The security patch 9.2.0561 added a vim.eval() call inside
Completer.evalsource() to honor g:pythoncomplete_allow_import.
But the 'vim' module is only imported inside the outer
vimcomplete() / vimpy3complete() function, not at the script's
top level, so referring to it from a Completer method raises
NameError. The surrounding bare 'except' silently swallows
the error and leaves allow_imports at 0, meaning the opt-in
never takes effect -- 'import os' (and any other
buffer-level import) is always skipped, no candidates are
produced for 'os.<...>' and
Test_popup_and_preview_autocommand() fails on the Windows
CI matrix (Linux skips the test because Python 2 is absent).
Solution: Re-import 'vim' at the top of evalsource() in both
pythoncomplete.vim and python3complete.vim so the eval reads
the global, and set g:pythoncomplete_allow_import = 1 in the
test (it is the opt-in intended for callers that trust the
buffer contents) (thinca).
closes: #20386
Signed-off-by: thinca <thi...@gmail.com>
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/runtime/autoload/python3complete.vim b/runtime/autoload/python3complete.vim
index 2b6a65252..0cbfc02ab 100644
--- a/runtime/autoload/python3complete.vim
+++ b/runtime/autoload/python3complete.vim
@@ -135,6 +135,9 @@ class Completer(object):
self.parser = PyParser()
def evalsource(self,text,line=0):
+ # vim is imported locally in vimpy3complete(); re-import here so the
+ # vim.eval() below works (otherwise NameError, silently caught).
+ import vim
sc = self.parser.parse(text,line)
try: allow_imports = int(
vim.eval("get(g:, 'pythoncomplete_allow_import', 0)"))
diff --git a/runtime/autoload/pythoncomplete.vim b/runtime/autoload/pythoncomplete.vim
index 10147767e..b4340f7ae 100644
--- a/runtime/autoload/pythoncomplete.vim
+++ b/runtime/autoload/pythoncomplete.vim
@@ -149,6 +149,9 @@ class Completer(object):
self.parser = PyParser()
def evalsource(self,text,line=0):
+ # vim is imported locally in vimcomplete(); re-import here so the
+ # vim.eval() below works (otherwise NameError, silently caught).
+ import vim
sc = self.parser.parse(text,line)
try: allow_imports = int(
vim.eval("get(g:, 'pythoncomplete_allow_import', 0)"))
diff --git a/src/testdir/test_popup.vim b/src/testdir/test_popup.vim
index adead6bac..cf9cbe166 100644
--- a/src/testdir/test_popup.vim
+++ b/src/testdir/test_popup.vim
@@ -723,6 +723,9 @@ func Test_popup_and_preview_autocommand()
au!
au BufAdd * nested tab sball
augroup END
+ " Let pythoncomplete follow the buffer's 'import os' (off by default
+ " since v9.2.0561) so 'os.' can be completed.
+ let g:pythoncomplete_allow_import = 1
set omnifunc=pythoncomplete#Complete
call setline(1, 'import os')
" make the line long
@@ -745,6 +748,7 @@ func Test_popup_and_preview_autocommand()
augroup END
augroup! MyBufAdd
bw!
+ unlet g:pythoncomplete_allow_import
endfunc
func s:run_popup_and_previewwindow_dump(lines, dumpfile)
diff --git a/src/version.c b/src/version.c
index 56ebd6f0c..d9815be70 100644
--- a/src/version.c
+++ b/src/version.c
@@ -729,6 +729,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 568,
/**/
567,
/**/
Reply all
Reply to author
Forward
0 new messages