From 5958f95a40a4a44bd9e7f3b7ec6554a6ef3e42ca Mon Sep 17 00:00:00 2001
From: Bram Moolenaar
Date: Tue, 20 Nov 2018 04:25:21 +0100
Subject: [PATCH] patch 8.1.0538: evaluating a modeline might invoke using a shell command

Problem: Evaluating a modeline might invoke using a shell command. (Paul Huber)
Solution: Set the sandbox flag when setting options from a modeline.
---
 src/buffer.c | 5 +++++
 src/version.c | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/src/buffer.c b/src/buffer.c
index 8e892dadf..ee962b2e8 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -5522,7 +5522,12 @@ chk_modeline(
 current_sctx.sc_seq = 0;
 current_sctx.sc_lnum = 0;
 #endif
+ // Make sure no risky things are executed as a side effect.
+ ++sandbox;
+
 retval = do_set(s, OPT_MODELINE | OPT_LOCAL | flags);
+
+ --sandbox;
 #ifdef FEAT_EVAL
 current_sctx = save_current_sctx;
 #endif
diff --git a/src/version.c b/src/version.c
index 29488c2a7..856941742 100644
--- a/src/version.c
+++ b/src/version.c
@@ -792,6 +792,8 @@ static char *(features[]) =

 static int included_patches[] =
 { /* Add new patch number below this line */
+/**/
+ 538,
 /**/
 537,
 /**/
-- 
2.50.1
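Review bot: The `++sandbox` / `--sandbox` pair in chk_modeline() is in effect only while `do_set()` runs, so it restricts what is evaluated during the set itself; option values that the modeline stores and that are evaluated later are not covered by this hunk, and whether they are restricted elsewhere is not visible here. The added comment could state the trust boundary instead of "risky things", for example `// Modeline text is untrusted: run do_set() inside the sandbox so nothing evaluated while setting the option can run a shell command.` The diffstat lists only src/buffer.c and src/version.c, so no regression test accompanies the fix; a test that loads a file whose modeline causes evaluation and asserts that the restricted action is refused would keep this from regressing. chk_modeline() begins and ends outside the hunk.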