m-vim_plugins/nerdtree
1
0
Fork 0
mirror of https://github.com/preservim/nerdtree.git synced 2025-11-12 05:13:50 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add missing calls to the shellescape() function (#1099)

Browse Source 
* Improve "g:NERDTreeQuickLook()"

The following improvements were made...

  - Use variable sigils
  - Shorten a local variable name
  - Prefer an early return over testing for a negative
  - Switch to single quotes
  - Call "shellescape()" to pass a command argument [IMPORTANT!]

The final change is a critical fix for the security and reliability
of this function (see ":h system()").

Similar fixes for the other functions in this script will follow.

* Improve "g:NERDTreeRevealInFinder()"

This commit makes several style improvements and adds a missing call
to the "shellescape()" function.

See also: 56cfbcff1e

* Improve "g:NERDTreeExecuteFile()"

Refer to: 56cfbcff1e

* Improve "g:NERDTreeRevealFileLinux()"

Refer to: 56cfbcff1e

* Improve "g:NERDTreeExecuteFileLinux()"

Refer to: 56cfbcff1e

* Properly reveal "/" on Linux

This commit handles the edge case where a user invokes the "reveal"
function on "/" on a Linux box.  There is nothing to do but open the
root directory itself since "/" has no parent.

* Update the "CHANGELOG.md" file

* Add final missing "shellescape()" calls

I initially thought that there were several more locations where
a call to "shellescape()" was required but omitted.  However, there
are only two.  I suppose I should have taken the time to look.

Fixing these was easy.  I would be surprised if this change breaks
anything on the user side.

* Update the "CHANGELOG.md" file (again)

Use a more fitting description of the change...
This commit is contained in:
lifecrisis
2020-04-09 21:37:55 -04:00
committed by GitHub
parent 832bbaa729
commit f767dd34a0
3 changed files with 42 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/nerdtree/path.vim
View File

@@ -199,7 +199,7 @@ function! s:Path.copy(dest)
let cmd_prefix = (self.isDirectory ? g:NERDTreeCopyDirCmd : g:NERDTreeCopyFileCmd)
endif
let cmd = cmd_prefix . ' ' . escape(self.str(), self._escChars()) . ' ' . escape(a:dest, self._escChars())
let cmd = cmd_prefix . ' ' . shellescape(self.str()) . ' ' . shellescape(a:dest)
let success = system(cmd)
if v:shell_error !=# 0
throw "NERDTree.CopyError: Could not copy '". self.str() ."' to: '" . a:dest . "'"