patch 8.0.1647: terminal API may call any user function
Problem:    Terminal API may call a function not meant to be called by this
            API.
Solution:   Require the function to start with Tapi_.
			
			
This commit is contained in:
		| @ -423,20 +423,26 @@ Currently supported commands: | ||||
|  | ||||
| 	call {funcname} {argument} | ||||
|  | ||||
| 		Call a user defined function with [argument].  The function is | ||||
| 		called with the buffer number of the terminal and the decoded | ||||
| 		argument.  The user function must sanity check the argument. | ||||
| 		Call a user defined function with {argument}. | ||||
| 		The function is called with two arguments: the buffer number | ||||
| 		of the terminal and {argument}, the decoded JSON argument.  | ||||
| 		The function name must start with "Tapi_" to avoid | ||||
| 		accidentally calling a function not meant to be used for the | ||||
| 		terminal API | ||||
| 		The user function should sanity check the argument. | ||||
| 		The function can use |term_sendkeys()| to send back a reply. | ||||
| 		Example in JSON: > | ||||
| 			["call", "Impression", ["play", 14]] | ||||
| 			["call", "Tapi_Impression", ["play", 14]] | ||||
| <		Calls a function defined like this: > | ||||
| 			function Impression(bufnum, arglist) | ||||
| 			function Tapi_Impression(bufnum, arglist) | ||||
| 			  if len(a:arglist) == 2 | ||||
| 			    echo "impression " . a:arglist[0] | ||||
| 			    echo "count " . a:arglist[1] | ||||
| 			    echomsg "impression " . a:arglist[0] | ||||
| 			    echomsg "count " . a:arglist[1] | ||||
| 			  endif | ||||
| 			endfunc | ||||
| < | ||||
| <		Output from `:echo` may be erased by a redraw, use `:echomsg` | ||||
| 		to be able to see it with `:messages`. | ||||
|  | ||||
| 	drop {filename} | ||||
|  | ||||
| 		Let Vim open a file, like the `:drop` command.  If {filename} | ||||
| @ -447,7 +453,7 @@ Currently supported commands: | ||||
|  | ||||
| A trick to have Vim send this escape sequence: > | ||||
| 	exe "set t_ts=\<Esc>]51; t_fs=\x07" | ||||
| 	let &titlestring = '["call","TryThis",["hello",123]]' | ||||
| 	let &titlestring = '["call","Tapi_TryThis",["hello",123]]' | ||||
| 	redraw | ||||
| 	set t_ts& t_fs& | ||||
|  | ||||
|  | ||||
| @ -3193,7 +3193,7 @@ handle_call_command(term_T *term, channel_T *channel, listitem_T *item) | ||||
|     } | ||||
|     func = get_tv_string(&item->li_tv); | ||||
|  | ||||
|     if (!ASCII_ISUPPER(*func)) | ||||
|     if (STRNCMP(func, "Tapi_", 5) != 0) | ||||
|     { | ||||
| 	ch_log(channel, "Invalid function name: %s", func); | ||||
| 	return; | ||||
|  | ||||
| @ -1072,24 +1072,28 @@ func Test_terminal_api_drop_oldwin() | ||||
|   bwipe Xtextfile | ||||
| endfunc | ||||
|  | ||||
| func TryThis(bufnum, arg) | ||||
| func Tapi_TryThis(bufnum, arg) | ||||
|   let g:called_bufnum = a:bufnum | ||||
|   let g:called_arg = a:arg | ||||
| endfunc | ||||
|  | ||||
| func WriteApiCall(funcname) | ||||
|   " Use the title termcap entries to output the escape sequence. | ||||
|   call writefile([ | ||||
| 	\ 'set title', | ||||
| 	\ 'exe "set t_ts=\<Esc>]51; t_fs=\x07"', | ||||
| 	\ 'let &titlestring = ''["call","' . a:funcname . '",["hello",123]]''', | ||||
| 	\ 'redraw', | ||||
| 	\ "set t_ts=", | ||||
| 	\ ], 'Xscript') | ||||
| endfunc | ||||
|  | ||||
| func Test_terminal_api_call() | ||||
|   if !CanRunVimInTerminal() | ||||
|     return | ||||
|   endif | ||||
|  | ||||
|   " Use the title termcap entries to output the escape sequence. | ||||
|   call writefile([ | ||||
| 	\ 'set title', | ||||
| 	\ 'exe "set t_ts=\<Esc>]51; t_fs=\x07"', | ||||
| 	\ 'let &titlestring = ''["call","TryThis",["hello",123]]''', | ||||
| 	\ 'redraw', | ||||
| 	\ "set t_ts=", | ||||
| 	\ ], 'Xscript') | ||||
|   call WriteApiCall('Tapi_TryThis') | ||||
|   let buf = RunVimInTerminal('-S Xscript', {}) | ||||
|   call WaitFor({-> exists('g:called_bufnum')}) | ||||
|   call assert_equal(buf, g:called_bufnum) | ||||
| @ -1100,3 +1104,19 @@ func Test_terminal_api_call() | ||||
|   unlet g:called_bufnum | ||||
|   unlet g:called_arg | ||||
| endfunc | ||||
|  | ||||
| func Test_terminal_api_call_fails() | ||||
|   if !CanRunVimInTerminal() | ||||
|     return | ||||
|   endif | ||||
|  | ||||
|   call WriteApiCall('TryThis') | ||||
|   call ch_logfile('Xlog', 'w') | ||||
|   let buf = RunVimInTerminal('-S Xscript', {}) | ||||
|   call WaitFor({-> string(readfile('Xlog')) =~ 'Invalid function name: TryThis'}) | ||||
|  | ||||
|   call StopVimInTerminal(buf) | ||||
|   call delete('Xscript') | ||||
|   call ch_logfile('', '') | ||||
|   call delete('Xlog') | ||||
| endfunc | ||||
|  | ||||
| @ -766,6 +766,8 @@ static char *(features[]) = | ||||
|  | ||||
| static int included_patches[] = | ||||
| {   /* Add new patch number below this line */ | ||||
| /**/ | ||||
|     1647, | ||||
| /**/ | ||||
|     1646, | ||||
| /**/ | ||||
|  | ||||
		Reference in New Issue
	
	Block a user