patch 9.2.0517: quickfix: can set quickfixtextfunc in restricted/sandbox mode
Commit:
https://github.com/vim/vim/commit/cb8510d4703c13b34e178067ffe48a24c9a3ad32
Author: Yegappan Lakshmanan <
yega...@yahoo.com>
Date: Sat May 23 18:16:22 2026 +0000
patch 9.2.0517: quickfix: can set quickfixtextfunc in restricted/sandbox mode
Problem: quickfix: can set quickfixtextfunc in restricted/sandbox mode
(tacdm)
Solution: Disallow setting the quickfixtextfunc option from a sandbox
and restricted mode (Yegappan Lakshmanan).
closes: #20305
Co-Authored-by: tacdm
Signed-off-by: Yegappan Lakshmanan <
yega...@yahoo.com>
Signed-off-by: Christian Brabandt <
c...@256bit.org>
diff --git a/src/quickfix.c b/src/quickfix.c
index feeec1812..3fe015ee5 100644
--- a/src/quickfix.c
+++ b/src/quickfix.c
@@ -8173,13 +8173,16 @@ qf_setprop_curidx(qf_info_T *qi, qf_list_T *qfl, dictitem_T *di)
}
/*
- * Set the current index in the specified quickfix list
+ * Set the 'quickfixtextfunc' in the specified quickfix/location list
*/
static int
qf_setprop_qftf(qf_info_T *qi UNUSED, qf_list_T *qfl, dictitem_T *di)
{
callback_T cb;
+ if (check_restricted() || check_secure())
+ return FAIL;
+
free_callback(&qfl->qf_qftf_cb);
cb = get_callback(&di->di_tv);
if (cb.cb_name == NULL || *cb.cb_name == NUL)
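Review bot: The new guard at the top of qf_setprop_qftf() has no comment saying why a list property needs a restricted/sandbox check, and the reason is not obvious from the code alone. Judging by the new test, which opens the quickfix window after the sandboxed call, the stored callback appears to be invoked later, when the list is displayed and the sandbox is no longer active. I would add `// The callback is stored and run later when the list is displayed, outside the sandbox, so refuse to set it here.` above the `if`. Placing the check before `free_callback(&qfl->qf_qftf_cb)` is the right order, since a rejected call then leaves the existing callback intact; an assertion for that in the tests would pin it down. The body of the function continues past the end of this hunk.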
diff --git a/src/testdir/test_quickfix.vim b/src/testdir/test_quickfix.vim
index 64ec97f50..e1dbaa7c5 100644
--- a/src/testdir/test_quickfix.vim
+++ b/src/testdir/test_quickfix.vim
@@ -7028,4 +7028,38 @@ func Test_efm_overlongline()
call setqflist([], 'f')
endfunc
+func Xtest_set_qftf_in_sandbox(cchar)
+ call s:setup_commands(a:cchar)
+
+ call g:Xsetlist([{'filename': 'test.c', 'lnum': 1, 'text': 'trigger'}])
+ let g:qftf_fn_called = v:false
+ func Qftf_Fn(d)
+ let g:qftf_fn_called = v:true
+ return []
+ endfunc
+
+ let g:caught_exception = v:false
+ try
+ sandbox call g:Xsetlist([], 'a', #{quickfixtextfunc: 'g:Qftf_Fn'})
+ catch /E48:/
+ let g:caught_exception = v:true
+ endtry
+ copen
+ cclose
+
+ call assert_equal(v:true, g:caught_exception)
+ call assert_equal(v:false, g:qftf_fn_called)
+
+ delfunc Qftf_Fn
+ unlet g:caught_exception
+ unlet g:qftf_fn_called
+ %bw!
+endfunc
+
+" Test for setting the 'quickfixtextfunc' in a sandbox
+func Test_set_qftf_in_sandbox()
+ call Xtest_set_qftf_in_sandbox('c')
+ call Xtest_set_qftf_in_sandbox('l')
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
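Review bot: In Xtest_set_qftf_in_sandbox() the window is opened with `copen` / `cclose` even when a:cchar is 'l', so for the location-list run the `g:qftf_fn_called` assertion never displays the list that was targeted. Only the E48 catch actually covers that variant. Assuming s:setup_commands() defines the usual wrappers as it does for the other tests in this file, `Xopen` and `Xclose` would exercise both list types. The cleanup (`delfunc Qftf_Fn` and the two `unlet` lines) is also skipped if the sandboxed call throws anything other than E48, so moving it into a `finally` block would stop Qftf_Fn from leaking into the second call.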
diff --git a/src/testdir/test_restricted.vim b/src/testdir/test_restricted.vim
index d9810826a..21133089e 100644
--- a/src/testdir/test_restricted.vim
+++ b/src/testdir/test_restricted.vim
@@ -95,6 +95,7 @@ func Test_restricted_mode()
if has('unix')
call assert_fails('cd `pwd`', 'E145:')
endif
+ call assert_fails("call setqflist([], 'a', {'id': 1, 'quickfixtextfunc': 'tr'})", 'E145:')
call writefile(v:errors, 'Xresult')
qa!
diff --git a/src/version.c b/src/version.c
index 92eea5baa..f3dd63e77 100644
--- a/src/version.c
+++ b/src/version.c
@@ -729,6 +729,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 517,
/**/
516,
/**/