patch 8.1.0540: may evaluate insecure value when appending to option v8.1.0540
authorBram Moolenaar <Bram@vim.org>
Tue, 20 Nov 2018 13:27:07 +0000 (14:27 +0100)
committerBram Moolenaar <Bram@vim.org>
Tue, 20 Nov 2018 13:27:07 +0000 (14:27 +0100)
Problem:    May evaluate insecure value when appending to option.
Solution:   Set the secure flag when changing an option that was previously
            set insecurely.  Also allow numbers for the characters from
            'spelllang' that are used for LANG.vim.

src/option.c
src/version.c

index e6d46aadf46c2237005858b702e2464bed8e5bad..50d405a952175cdaef585e6222f0062702631694 100644 (file)
@@ -4705,6 +4705,8 @@ do_set(
            }
            else
            {
+               int value_is_replaced = !prepending && !adding && !removing;
+
                if (flags & P_BOOL)                 /* boolean */
                {
                    if (nextchar == '=' || nextchar == ':')
@@ -5209,12 +5211,36 @@ do_set(
                        }
 #endif
 
-                       /* Handle side effects, and set the global value for
-                        * ":set" on local options. Note: when setting 'syntax'
-                        * or 'filetype' autocommands may be triggered that can
-                        * cause havoc. */
-                       errmsg = did_set_string_option(opt_idx, (char_u **)varp,
-                               new_value_alloced, oldval, errbuf, opt_flags);
+                       {
+                           long_u *p = insecure_flag(opt_idx, opt_flags);
+                           int     did_inc_secure = FALSE;
+
+                           // When an option is set in the sandbox, from a
+                           // modeline or in secure mode, then deal with side
+                           // effects in secure mode.  Also when the value was
+                           // set with the P_INSECURE flag and is not
+                           // completely replaced.
+                           if (secure
+#ifdef HAVE_SANDBOX
+                                   || sandbox != 0
+#endif
+                                   || (opt_flags & OPT_MODELINE)
+                                   || (!value_is_replaced && (*p & P_INSECURE)))
+                           {
+                               did_inc_secure = TRUE;
+                               ++secure;
+                           }
+
+                           // Handle side effects, and set the global value for
+                           // ":set" on local options. Note: when setting 'syntax'
+                           // or 'filetype' autocommands may be triggered that can
+                           // cause havoc.
+                           errmsg = did_set_string_option(opt_idx, (char_u **)varp,
+                                   new_value_alloced, oldval, errbuf, opt_flags);
+
+                           if (did_inc_secure)
+                               --secure;
+                       }
 
 #if defined(FEAT_EVAL)
                        if (errmsg == NULL)
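Review bot: The pointer from `long_u *p = insecure_flag(opt_idx, opt_flags);` is dereferenced in the new condition with no index check visible in this hunk, while the later hunk still guards `did_set_option()` with `if (opt_idx >= 0)`, which suggests do_set() can hold a negative index on some paths. The condition that selects this string-option branch lies outside the hunk, so if it already guarantees a valid index, a one-line comment such as `// opt_idx >= 0 in this branch, so p points at the option's flags` would make the invariant explicit. The commit touches only src/option.c and src/version.c, so nothing pins the new behaviour. A regression test that sets a string option from a modeline and then changes it with `+=` outside the modeline would confirm the side effects run with `secure` raised.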
@@ -5254,8 +5280,7 @@ do_set(
                }
 
                if (opt_idx >= 0)
-                   did_set_option(opt_idx, opt_flags,
-                                        !prepending && !adding && !removing);
+                   did_set_option(opt_idx, opt_flags, value_is_replaced);
            }
 
 skip:
@@ -7758,7 +7783,7 @@ did_set_string_option(
             * '.encoding'.
             */
            for (p = q; *p != NUL; ++p)
-               if (!ASCII_ISALPHA(*p) && *p != '-')
+               if (!ASCII_ISALNUM(*p) && *p != '-')
                    break;
            if (p > q)
            {
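Review bot: The character filter on the changed line is the only visible constraint on the part of 'spelllang' that the commit message says is used for LANG.vim, and nothing in the hunk records that this is why the set is kept narrow. I would add a comment above the loop, for example `// Only ASCII letters, digits and '-' are accepted: the result becomes part of a file name.`, so that a later widening of the set gets a security review. The enclosing function starts and ends outside the hunk, so how the accepted span is turned into a file name is not visible here and should be confirmed against the full function.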
index a6f155f65193dd9197f613cb307d67fba49e6c38..f3889b075a3e37c27cc9ed9198c7aa8d9b9c22d4 100644 (file)
@@ -792,6 +792,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    540,
 /**/
     539,
 /**/