patch 9.0.1440: "rvim" can execute a shell through :diffpatch

Problem:    "rvim" can execute a shell through :diffpatch.
Solution:   Disallow the shell "patch" command.

src/diff.c

@@ -1310,6 +1310,9 @@ ex_diffpatch(exarg_T *eap)
     else
 #endif
     {
+	if (check_restricted())
+	    goto theend;
+
 	// Build the patch command and execute it.  Ignore errors.  Switch to
 	// cooked mode to allow the user to respond to prompts.
 	vim_snprintf((char *)buf, buflen, "patch -o %s %s < %s",
@@ -1380,7 +1383,8 @@ ex_diffpatch(exarg_T *eap)
 
 		    // Do filetype detection with the new name.
 		    if (au_has_group((char_u *)"filetypedetect"))
-			do_cmdline_cmd((char_u *)":doau filetypedetect BufRead");
+			do_cmdline_cmd(
+				     (char_u *)":doau filetypedetect BufRead");
 		}
 	    }
 	}

src/testdir/test_diffmode.vim

@@ -736,6 +736,21 @@ func Test_diffpatch()
   bwipe!
 endfunc
 
+" FIXME: test fails, the Xresult file can't be read
+func No_Test_diffpatch_restricted()
+  let lines =<< trim END
+    call assert_fails('diffpatch NoSuchDiff', 'E145:')
+
+    call writefile(v:errors, 'Xresult')
+    qa!
+  END
+  call writefile(lines, 'Xrestricted', 'D')
+  if RunVim([], [], '-Z --clean -S Xrestricted')
+    call assert_equal([], readfile('Xresult'))
+  endif
+  call delete('Xresult')
+endfunc
+
 func Test_diff_too_many_buffers()
   for i in range(1, 8)
     exe "new Xtest" . i

src/version.c

@@ -695,6 +695,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1440,
 /**/
     1439,
 /**/