From 23a971da506249fc8388f06cd5c011b83406ac5c Mon Sep 17 00:00:00 2001
From: Bram Moolenaar
Date: Tue, 4 Apr 2023 22:04:53 +0100
Subject: [PATCH] patch 9.0.1440: "rvim" can execute a shell through :diffpatch
Problem: "rvim" can execute a shell through :diffpatch.
Solution: Disallow the shell "patch" command.
---
 src/diff.c | 6 +++++-
 src/testdir/test_diffmode.vim | 15 +++++++++++++++
 src/version.c | 2 ++
 3 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/src/diff.c b/src/diff.c
index a46f0bf81e7fb..1873767106b41 100644
--- a/src/diff.c
+++ b/src/diff.c
@@ -1310,6 +1310,9 @@ ex_diffpatch(exarg_T *eap)
 else
 #endif
 {
+ if (check_restricted())
+ goto theend;
+
 // Build the patch command and execute it. Ignore errors. Switch to
 // cooked mode to allow the user to respond to prompts.
 vim_snprintf((char *)buf, buflen, "patch -o %s %s < %s",
@@ -1380,7 +1383,8 @@ ex_diffpatch(exarg_T *eap)
 // Do filetype detection with the new name.
 if (au_has_group((char_u *)"filetypedetect"))
- do_cmdline_cmd((char_u *)":doau filetypedetect BufRead");
+ do_cmdline_cmd(
+ (char_u *)":doau filetypedetect BufRead");
 }
 }
 }
diff --git a/src/testdir/test_diffmode.vim b/src/testdir/test_diffmode.vim
index d60de5046c0aa..cb042e115ad77 100644
--- a/src/testdir/test_diffmode.vim
+++ b/src/testdir/test_diffmode.vim
@@ -736,6 +736,21 @@ func Test_diffpatch()
 bwipe!
 endfunc
+" FIXME: test fails, the Xresult file can't be read
+func No_Test_diffpatch_restricted()
+ let lines =<< trim END
+ call assert_fails('diffpatch NoSuchDiff', 'E145:')
+
+ call writefile(v:errors, 'Xresult')
+ qa!
+ END
+ call writefile(lines, 'Xrestricted', 'D')
+ if RunVim([], [], '-Z --clean -S Xrestricted')
+ call assert_equal([], readfile('Xresult'))
+ endif
+ call delete('Xresult')
+endfunc
+
 func Test_diff_too_many_buffers()
 for i in range(1, 8)
 exe "new Xtest" . i
diff --git a/src/version.c b/src/version.c
index 5cace2e388578..853ea5f181dfb 100644
--- a/src/version.c
+++ b/src/version.c
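Review bot: The `check_restricted()` guard in the first src/diff.c hunk runs late, inside the `else` block just before the `patch` command is built, so anything ex_diffpatch set up before line 1310 is only undone if the `theend` label covers it. The start of the function and the label are both outside this hunk; if the earlier code writes temporary files or changes the working directory, the `goto theend` path should be checked to confirm it restores that state in restricted mode. If rejecting the whole command under `-Z` is acceptable, a guard at the top of the function, `if (check_restricted()) return;`, would refuse before any setup happens. The branch ahead of `else` / `#endif` is also not visible and does not pass through this check, so it should be confirmed separately that it cannot reach a shell in restricted mode.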
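Review bot: The regression test for this security fix is disabled, since it is named `No_Test_diffpatch_restricted` and carries a FIXME, so presumably the test runner never executes it and nothing verifies that `:diffpatch` fails with E145 under `-Z`. Inside the function the only assertion sits under `if RunVim(...)`, so unless RunVim reports the failure itself a child Vim that fails to run leaves the test passing silently. An `else` arm such as `call assert_report('RunVim failed')` would surface that case. The FIXME would be more useful if it named the suspected cause of the unreadable Xresult file and said that the function should be renamed to `Test_diffpatch_restricted()` once that is resolved, so the coverage gap stays visible.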
@@ -695,6 +695,8 @@ static char *(features[]) =
 static int included_patches[] =
 { /* Add new patch number below this line */
+/**/
+ 1440,
 /**/
 1439,
 /**/