vim-7.4.430-7.1.mga5.src.rpm

--- vim70/src/eval.c.cve-2007-2438	2007-05-09 13:53:15.000000000 -0600
+++ vim70/src/eval.c	2007-05-09 13:58:01.000000000 -0600
@@ -9068,6 +9068,13 @@ f_feedkeys(argvars, rettv)
     char_u	*keys_esc;
 
     rettv->vval.v_number = 0;
+    
+    /* This is not allowed in the sandbox.  If the commands would still be
+     * executed in the sandbox it would be OK, but it probably happens later,
+     * when "sandbox" is no longer set. */
+    if (check_secure())
+      return;
+      
     keys = get_tv_string(&argvars[0]);
     if (*keys != NUL)
     {
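Review bot: The lines added in this hunk do not follow the indentation of the surrounding context: both blank lines around the check carry trailing spaces, and `return;` sits at six spaces under an `if` at four. The guards added in the f_system and f_writefile hunks have the same problem (the `if` at five spaces, `return;` at seven and eight, and a leading blank line made of spaces). Re-indenting all three guards to match the file and dropping the trailing whitespace would keep this security patch easy to compare against later backports. The body of f_feedkeys continues outside the hunk.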
@@ -15567,6 +15574,9 @@ f_system(argvars, rettv)
     char_u	buf[NUMBUFLEN];
     int		err = FALSE;
     FILE	*fd;
+    
+     if (check_restricted() || check_secure())
+       return;
 
     if (argvars[1].v_type != VAR_UNKNOWN)
     {
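Review bot: The guard added at the top of f_system has no comment, whereas the equivalent guard in f_feedkeys explains why the call is refused. A one-line comment above the `if`, such as `/* Running a shell command is not allowed in restricted mode or in the sandbox. */`, would record the intent. The f_writefile guard could take a matching `/* Writing a file is not allowed in restricted mode or in the sandbox. */`. The body of f_system continues outside the hunk.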
@@ -16392,6 +16402,9 @@ f_writefile(argvars, rettv)
     char_u	*s;
     int		ret = 0;
     int		c;
+    
+     if (check_restricted() || check_secure())
+        return;
 
     if (argvars[0].v_type != VAR_LIST)
     {
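Review bot: The early `return;` in f_writefile runs before any visible assignment to `rettv`, so a write refused by restricted mode or the sandbox may reach the calling script with whatever value the caller pre-initialised, rather than a failure value. How the function reports failure is outside the hunk, and only `int ret = 0;` is visible. If -1 is its failure result, the guard could set it explicitly: `if (check_restricted() || check_secure()) { rettv->vval.v_number = -1; return; }`. A script that tests the return value would then see the denial instead of an apparent success. The f_system guard also returns before `rettv` is visibly set and deserves the same check against the rest of that function.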