Problem: [security]: path traversal issue in tar.vim
(@ax)
Solution: warn the user for such things, drop leading /, don't
forcefully overwrite files when writing temporary files,
refactor autoload/tar.vim
tar.vim: drop leading / in path names
A tar archive containing files with leading `/` may cause confusions as
to where the content is extracted. Let's make sure we drop the leading
`/` and use a relative path instead.
Also while at it, had to refactor it quite a bit and increase the
minimum supported Vim version to v9. Also add a test for some basic tar
functionality
closes: #17733
Problem: [security]: path traversal issue in zip.vim (@ax)
Solution: drop leading ../ on write of zipfiles, don't forcefully
overwrite existing files
A zip plugin which contains filenames with leading '../' may cause
confusion as to where the content will be extracted. Let's drop such
things and make sure we use a relative filename instead and don't
forcefully overwrite temporary files. Also, warn the user of such
things.
related: #17733
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: No test that undofile format does not regress
Solution: include a sample undofile to make sure we are always able to
read it
This is so, that we don't unintentionally change the undofile format and
make sure we can load an undo file that has been created by an older
Vim.
closes: #16127
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: zip-plugin has problems with special characters
(user202729)
Solution: escape '*?[\' on Unix and handle those chars
a bit differently on MS-Windows, add a test, check
before overwriting files
runtime(zip): small fixes for zip plugin
This does the following:
- verify the unzip plugin is executable when loading the autoload plugin
- handle extracting file names with '[*?\' in its name correctly by
escaping those characters for the unzip command (and handle those
characters a bit differently on MS-Windows, since the quoting is different)
- verify, that the extract plugin is not overwriting a file (could cause
a hang, because unzip asking for confirmation)
- add a test zip file which contains those special file names
fixes: #15505closes: #15519
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: ml_get error when scrolling after delete
Solution: mark topline to be validated in main_loop
if it is larger than current buffers line
count
reset_lnums() is called after e.g. TextChanged autocommands and it may
accidentally cause curwin->w_topline to become invalid, e.g. if the
autocommand has deleted some lines.
So verify that curwin->w_topline points to a valid line and if not, mark
the window to have w_topline recalculated in main_loop() in
update_topline() after reset_lnums() returns.
fixes: #13568fixes: #13578
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: With some regexp patterns the NFA engine uses many states and
becomes very slow. To the user it looks like Vim freezes.
Solution: When the number of states reaches a limit fall back to the old
engine. (Christian Brabandt)
