patch 8.1.0538: evaluating a modeline might invoke using a shell command

brammool · brammool · commit 5958f95a40a4 · 2018-11-20T04:25:21.000+01:00
Problem:    Evaluating a modeline might invoke using a shell command. (Paul
            Huber)
Solution:   Set the sandbox flag when setting options from a modeline.
diff --git a/src/buffer.c b/src/buffer.c
@@ -5522,7 +5522,12 @@ chk_modeline(
 		current_sctx.sc_seq = 0;
 		current_sctx.sc_lnum = 0;
 #endif
+		// Make sure no risky things are executed as a side effect.
+		++sandbox;
+
 		retval = do_set(s, OPT_MODELINE | OPT_LOCAL | flags);
+
+		--sandbox;
 #ifdef FEAT_EVAL
 		current_sctx = save_current_sctx;
 #endif
diff --git a/src/version.c b/src/version.c
@@ -792,6 +792,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    538,
 /**/
     537,
 /**/
