Improve "g:NERDTreeQuickLook()"

The following improvements were made... - Use variable sigils - Shorten a local variable name - Prefer an early return over testing for a negative - Switch to single quotes - Call "shellescape()" to pass a command argument [IMPORTANT!] The final change is a critical fix for the security and reliability of this function (see ":h system()"). Similar fixes for the other functions in this script will follow.
2025-11-08 11:23:48 -05:00 · 2020-04-08 19:01:01 -04:00
parent 832bbaa729
commit 56cfbcff1e
1 changed files with 6 additions and 4 deletions
--- a/nerdtree_plugin/fs_menu.vim
+++ b/nerdtree_plugin/fs_menu.vim
@@ -388,10 +388,13 @@ endfunction

 " FUNCTION: NERDTreeQuickLook() {{{1
 function! NERDTreeQuickLook()
-    let treenode = g:NERDTreeFileNode.GetSelected()
-    if treenode !=# {}
-        call system("qlmanage -p 2>/dev/null '" . treenode.path.str() . "'")
+    let l:node = g:NERDTreeFileNode.GetSelected()
+
+    if empty(l:node)
+        return
    endif
+
+    call system('qlmanage -p 2>/dev/null ' . shellescape(l:node.path.str()))
 endfunction

 " FUNCTION: NERDTreeRevealInFinder() {{{1
@@ -428,4 +431,3 @@ function! NERDTreeExecuteFileLinux()
 endfunction

 " vim: set sw=4 sts=4 et fdm=marker:
-