r1280 - in /trunk/packages/vim-scripts: debian/changelog debian/patches/00list debian/patches/disabledby-securemodelines.dpatch debian/vim-scripts.status html/index.html html/plugin_securemodelines.vim.html plugin/securemodelines.vim
jamessan at users.alioth.debian.org
jamessan at users.alioth.debian.org
Thu Jul 24 00:43:38 UTC 2008
Author: jamessan
Date: Thu Jul 24 00:43:37 2008
New Revision: 1280
URL: http://svn.debian.org/wsvn/pkg-vim/?sc=1&rev=1280
Log:
Add securemodelines script and upload
Added:
trunk/packages/vim-scripts/debian/patches/disabledby-securemodelines.dpatch (with props)
trunk/packages/vim-scripts/html/plugin_securemodelines.vim.html
trunk/packages/vim-scripts/plugin/securemodelines.vim
Modified:
trunk/packages/vim-scripts/debian/changelog
trunk/packages/vim-scripts/debian/patches/00list
trunk/packages/vim-scripts/debian/vim-scripts.status
trunk/packages/vim-scripts/html/index.html
Modified: trunk/packages/vim-scripts/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-vim/trunk/packages/vim-scripts/debian/changelog?rev=1280&op=diff
==============================================================================
--- trunk/packages/vim-scripts/debian/changelog (original)
+++ trunk/packages/vim-scripts/debian/changelog Thu Jul 24 00:43:37 2008
@@ -1,8 +1,11 @@
-vim-scripts (20080705-2) UNRELEASED; urgency=low
-
- * NOT RELEASED YET
-
- -- James Vega <jamessan at debian.org> Sat, 05 Jul 2008 10:03:35 -0400
+vim-scripts (20080722-1) unstable; urgency=low
+
+ * New addons:
+ - securemodelines: Secure, user-configurable modeline whitelisting.
+ * Add disabledby-securemodelines patch, which provides a means for
+ blacklisting the securemodelines plugin.
+
+ -- James Vega <jamessan at debian.org> Wed, 23 Jul 2008 20:41:29 -0400
vim-scripts (20080705-1) unstable; urgency=low
Modified: trunk/packages/vim-scripts/debian/patches/00list
URL: http://svn.debian.org/wsvn/pkg-vim/trunk/packages/vim-scripts/debian/patches/00list?rev=1280&op=diff
==============================================================================
--- trunk/packages/vim-scripts/debian/patches/00list (original)
+++ trunk/packages/vim-scripts/debian/patches/00list Thu Jul 24 00:43:37 2008
@@ -4,6 +4,7 @@
disabledby-info
disabledby-omnicppcomplete
disabledby-po
+disabledby-securemodelines
disabledby-supertab
disabledby-tetris
disabledby-themes
Added: trunk/packages/vim-scripts/debian/patches/disabledby-securemodelines.dpatch
URL: http://svn.debian.org/wsvn/pkg-vim/trunk/packages/vim-scripts/debian/patches/disabledby-securemodelines.dpatch?rev=1280&op=file
==============================================================================
--- trunk/packages/vim-scripts/debian/patches/disabledby-securemodelines.dpatch (added)
+++ trunk/packages/vim-scripts/debian/patches/disabledby-securemodelines.dpatch Thu Jul 24 00:43:37 2008
@@ -1,0 +1,22 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## disabledby-securemodelines.dpatch by James Vega <jamessan at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+ at DPATCH@
+diff -urNad vim-scripts~/plugin/securemodelines.vim vim-scripts/plugin/securemodelines.vim
+--- vim-scripts~/plugin/securemodelines.vim 2008-07-22 19:03:09.000000000 -0400
++++ vim-scripts/plugin/securemodelines.vim 2008-07-22 19:31:48.000000000 -0400
+@@ -11,6 +11,11 @@
+ finish
+ endif
+
++if exists("g:loaded_securemodelines")
++ finish
++endif
++let g:loaded_securemodelines = 1
++
+ if (! exists("g:secure_modelines_allowed_items"))
+ let g:secure_modelines_allowed_items = [
+ \ "textwidth", "tw",
Propchange: trunk/packages/vim-scripts/debian/patches/disabledby-securemodelines.dpatch
------------------------------------------------------------------------------
svn:executable = *
Modified: trunk/packages/vim-scripts/debian/vim-scripts.status
URL: http://svn.debian.org/wsvn/pkg-vim/trunk/packages/vim-scripts/debian/vim-scripts.status?rev=1280&op=diff
==============================================================================
--- trunk/packages/vim-scripts/debian/vim-scripts.status (original)
+++ trunk/packages/vim-scripts/debian/vim-scripts.status Thu Jul 24 00:43:37 2008
@@ -410,6 +410,16 @@
extras: doc/snippets_emu.txt after/ftplugin/actionscript_snippets.vim after/ftplugin/aspvbs_snippets.vim after/ftplugin/c_snippets.vim after/ftplugin/css_snippets.vim after/ftplugin/django_model_snippets.vim after/ftplugin/django_template_snippets.vim after/ftplugin/f-script_snippets.vim after/ftplugin/haskell_snippets.vim after/ftplugin/html_snippets.vim after/ftplugin/java_snippets.vim after/ftplugin/javascript_snippets.vim after/ftplugin/latex_snippets.vim after/ftplugin/logo_snippets.vim after/ftplugin/markdown_snippets.vim after/ftplugin/movable_type_snippets.vim after/ftplugin/objc_snippets.vim after/ftplugin/ocaml_snippets.vim after/ftplugin/perl_snippets.vim after/ftplugin/php_snippets.vim after/ftplugin/phpdoc_snippets.vim after/ftplugin/propel_snippets.vim after/ftplugin/python_snippets.vim after/ftplugin/rails_snippets.vim after/ftplugin/ruby_snippets.vim after/ftplugin/sh_snippets.vim after/ftplugin/slate_snippets.vim after/ftplugin/smarty_snippets.vim after/ftplugin/symfony_snippets.vim after/ftplugin/tcl_snippets.vim after/ftplugin/template_toolkit_snippets.vim after/ftplugin/tex_snippets.vim after/ftplugin/xhtml_snippets.vim
disabledby: let loaded_snippet = 1
version: 1.2.3
+
+script_name: plugin/securemodelines.vim
+addon: secure-modelines
+description: secure, user-configurable modeline support
+script_url: http://www.vim.org/scripts/script.php?script_id=1876
+author: Ciaran McCreesh
+author_url: http://www.vim.org/account/profile.php?user_id=4078
+email: ciaran.mccreesh at googlemail.com
+license: Vim's license [4], see below
+version: 20080424
--
Modified: trunk/packages/vim-scripts/html/index.html
URL: http://svn.debian.org/wsvn/pkg-vim/trunk/packages/vim-scripts/html/index.html?rev=1280&op=diff
==============================================================================
--- trunk/packages/vim-scripts/html/index.html (original)
+++ trunk/packages/vim-scripts/html/index.html Thu Jul 24 00:43:37 2008
@@ -34,6 +34,7 @@
<li><a href="plugin_lbdbq.vim.html">plugin/lbdbq.vim.html</a></li>
<li><a href="plugin_minibufexpl.vim.html">plugin/minibufexpl.vim.html</a></li>
<li><a href="plugin_project.vim.html">plugin/project.vim.html</a></li>
+ <li><a href="plugin_securemodelines.vim.html">plugin/securemodelines.vim.html</a></li>
<li><a href="plugin_snippetsEmu.vim.html">plugin/snippetsEmu.vim.html</a></li>
<li><a href="plugin_sokoban.vim.html">plugin/sokoban.vim.html</a></li>
<li><a href="plugin_supertab.vim.html">plugin/supertab.vim.html</a></li>
@@ -50,7 +51,7 @@
<li><a href="syntax_mkd.vim.html">syntax/mkd.vim.html</a></li>
</ul>
<p>
- Page generated on Fri, 04 Jul 2008 22:05:48 -0400
+ Page generated on Tue, 22 Jul 2008 19:18:21 -0400
.
</p>
</body>
Added: trunk/packages/vim-scripts/html/plugin_securemodelines.vim.html
URL: http://svn.debian.org/wsvn/pkg-vim/trunk/packages/vim-scripts/html/plugin_securemodelines.vim.html?rev=1280&op=file
==============================================================================
--- trunk/packages/vim-scripts/html/plugin_securemodelines.vim.html (added)
+++ trunk/packages/vim-scripts/html/plugin_securemodelines.vim.html Thu Jul 24 00:43:37 2008
@@ -1,0 +1,296 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+
+<head>
+ <link rel="Stylesheet" type="text/css" href="/css/style.css" >
+ <title>securemodelines - Secure, user-configurable modeline support : vim online</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+ <meta name="KEYWORDS" content="Vim, Vi IMproved, text editor, home, documentation, tips, scripts, news">
+ <link rel="shortcut icon" type="image/x-icon" href="/images/vim_shortcut.ico">
+</head>
+
+<body topmargin="0" leftmargin="0" marginheight="0" marginwidth="0" bgcolor="#ffffff">
+
+<!-- HEADER, SPONSOR IMAGE, VIM IMAGE AND BOOK AD -->
+<table width="100%" cellpadding="0" cellspacing="0" border="0" bordercolor="red">
+ <tr>
+ <td colspan="4" class="lightbg"><img src="/images/spacer.gif" width="1" height="5" alt=""></td>
+ </tr>
+ <tr>
+ <td class="lightbg"> </td>
+ <td class="lightbg" align="left"><a href="/sponsor/index.php"><img src="/images/sponsorvim.gif" alt="sponsor Vim development" border="0"></a></td>
+ <td class="lightbg" align="center"><a href="/index.php"><img src="/images/vim_header.gif" border="0" alt="Vim logo"></a></td>
+ <td class="lightbg" align="right"><a href="http://iccf-holland.org/click5.html"><img src="/images/buyhelplearn.gif" alt="Vim Book Ad" border="0"></a></td>
+ </tr>
+ <tr>
+ <td colspan="4" class="lightbg"><img src="/images/spacer.gif" width="1" height="5" alt=""></td>
+ </tr>
+ <tr>
+ <td colspan="4" class="darkbg"><img src="/images/spacer.gif" width="1" height="10" alt=""></td>
+ </tr>
+</table>
+<!-- THE PAGE BODY: BETWEEN HEADER AND FOOTER -->
+
+<table cellpadding="0" cellspacing="0" border="0" width="100%">
+ <col width="180">
+ <col width="1">
+
+ <tr valign="top">
+ <td class="sidebar">
+ <table width="180" cellpadding="4" cellspacing="0" border="0">
+ <tr valign="top">
+ <td class="sidebar">
+
+<!-- INCLUDE THE PAGE NAVIGATION -->
+<table width="100%" cellpadding="0" cellspacing="0" border="0" bordercolor="red">
+ <tr>
+ <td><small>not logged in (<a href="/login.php">login</a>)</small></td>
+ </tr>
+ <tr>
+ <td><img src="/images/spacer.gif" alt="" border="0" width="1" height="1"></td>
+ </tr>
+ <tr>
+ <td class="darkbg"><img src="/images/spacer.gif" alt='' border="0" height="3"></td>
+ </tr>
+ <tr>
+ <td><img src="/images/spacer.gif" alt="" border="0" width="1" height="2"></td>
+ </tr>
+ <tr>
+ <td class="sidebarheader"><a href="/index.php">Home</a></td>
+ </tr>
+ <tr>
+ <td class="sidebarheader"><a href="/search.php">Search</a></td>
+ </tr>
+ <tr>
+ <td><img src="/images/spacer.gif" alt="" border="0" width="1" height="7"></td>
+ </tr>
+ <tr>
+ <td class="checker"><img src="/images/spacer.gif" alt='' border="0" height="1"></td>
+ </tr>
+ <tr>
+ <td><img src="/images/spacer.gif" alt="" border="0" width="1" height="7"></td>
+ </tr>
+ <tr>
+ <td class="sidebarheader"><a href="/about.php">About Vim</a></td>
+ </tr>
+ <tr>
+ <td class="sidebarheader"><a href="/community.php">Community</a></td>
+ </tr>
+ <tr>
+ <td class="sidebarheader"><a href="/news/news.php">News</a></td>
+ </tr>
+ <tr>
+ <td class="sidebarheader"><a href="/sponsor/index.php">Sponsoring</a></td>
+ </tr>
+ <tr>
+ <td class="sidebarheader"><a href="/trivia.php">Trivia</a></td>
+ </tr>
+ <tr>
+ <td class="sidebarheader"><a href="/docs.php">Documentation</a></td>
+ </tr>
+ <tr>
+ <td class="sidebarheader"><a href="/download.php">Download</a></td>
+ </tr>
+ <tr>
+ <td><img src="/images/spacer.gif" alt="" border="0" width="1" height="7"></td>
+ </tr>
+ <tr>
+ <td class="checker"><img src="/images/spacer.gif" alt='' border="0" height="1"></td>
+ </tr>
+ <tr>
+ <td><img src="/images/spacer.gif" alt="" border="0" width="1" height="7"></td>
+ </tr>
+ <tr>
+ <td class="sidebarheader"><a href="/scripts/index.php">Scripts</a></td>
+ </tr>
+ <tr>
+ <td class="sidebarheader"><a href="/tips/index.php">Tips</a></td>
+ </tr>
+ <tr>
+ <td class="sidebarheader"><a href="/account/index.php">My Account</a></td>
+ </tr>
+ <tr>
+ <td><img src="/images/spacer.gif" alt="" border="0" width="1" height="7"></td>
+ </tr>
+ <tr>
+ <td class="checker"><img src="/images/spacer.gif" alt='' border="0" height="1"></td>
+ </tr>
+ <tr>
+ <td><img src="/images/spacer.gif" alt="" border="0" width="1" height="7"></td>
+ </tr>
+ <tr>
+ <td class="sidebarheader"><a href="/huh.php">Site Help</a></td>
+ </tr>
+</table>
+
+ <table width="172" cellpadding="0" cellspacing="0" border="0">
+ <tr><td><img src="/images/spacer.gif" alt="" border="0" width="1" height="8"></td></tr>
+ <tr><td class="darkbg"><img src="/images/spacer.gif" width="1" height="3" alt=""></td></tr>
+ </table>
+ <br>
+
+<!-- INCLUDE THE PAGE SIDEBAR TEXT -->
+
+
+ </td>
+ </tr>
+ </table>
+ </td>
+
+ <td class="darkbg"><img src="/images/spacer.gif" width="1" height="1" border="0" alt=""><br></td>
+ <td>
+ <table width="100%" cellpadding="10" cellspacing="0" border="0" bordercolor="red">
+ <tr>
+ <td valign="top">
+
+<span class="txth1">securemodelines : Secure, user-configurable modeline support</span>
+
+<br>
+<br>
+
+<!-- karma table -->
+<table cellpadding="4" cellspacing="0" border="1" bordercolor="#000066">
+<tr>
+ <td class="lightbg"><b> script karma </b></td>
+ <td>
+ Rating <b>24/9</b>,
+ Downloaded by 346 </td>
+</tr>
+</table>
+<p>
+
+<table cellspacing="0" cellpadding="0" border="0">
+<tr><td class="prompt">created by</td></tr>
+<tr><td><a href="/account/profile.php?user_id=4078">Ciaran McCreesh</a></td></tr>
+<tr><td> </td></tr>
+<tr><td class="prompt">script type</td></tr>
+<tr><td>utility</td></tr>
+<tr><td> </td></tr>
+<tr><td class="prompt">description</td></tr>
+<tr><td>Secure, user-configurable modeline support for Vim 7.
<br>
<br>Vim's internal modeline support allows all sorts of annoying and potentially insecure options to be set. This script implements a much more heavily restricted modeline parser that permits only user-specified options to be set.
<br>
<br>The g:secure_modelines_allowed_items array contains allowable options. By default it is set as follows:
<br>
<br> let g:secure_modelines_allowed_items = [
<br> \ "textwidth", "tw",
<br> \ "softtabstop", "sts",
<br> \ "tabstop", "ts",
<br> \ "shiftwidth", "sw",
<br> \ "expandtab", "et", "noexpandtab", "noet",
<br> \ "filetype", "ft",
<br> \ "foldmethod", "fdm",
<br> \ "readonly", "ro", "noreadonly", "noro",
<br> \ "rightleft", "rl", "norightleft", "norl"
<br> \ ]
<br>
<br>The g:secure_modelines_verbose option, if set to something true, will make the script warn when a modeline attempts to set any other option.
<br>
<br>The g:secure_modelines_modelines option overrides the number of lines to check. By default it is 5.
<br>
<br>If g:secure_modelines_leave_modeline is defined, the script will not clobber &modeline. Otherwise &modeline will be unset.</td></tr>
+<tr><td> </td></tr>
+<tr><td class="prompt">install details</td></tr>
+<tr><td>Install into your plugin directory of choice.</td></tr>
+<tr><td> </td></tr>
+</table>
+
+<!-- rating table -->
+<form name="rating">
+<input type="hidden" name="script_id" value="1876">
+<table cellpadding="4" cellspacing="0" border="1" bordercolor="#000066">
+<tr>
+ <td class="lightbg"><b>rate this script</b></td>
+ <td valign="middle">
+ <input type="radio" name="rating" value="life_changing">Life Changing
+ <input type="radio" name="rating" value="helpful">Helpful
+ <input type="radio" name="rating" value="unfulfilling">Unfulfilling
+ <input type="submit" value="rate">
+ </td>
+</tr>
+</table>
+</form>
+<span class="txth2">script versions</span> (<a href="add_script_version.php?script_id=1876">upload new version</a>)
+<p>
+Click on the package to download.
+<p>
+
+<table cellspacing="2" cellpadding="4" border="0" width="100%">
+<tr class='tableheader'>
+ <th valign="top">package</th>
+ <th valign="top">script version</th>
+ <th valign="top">date</th>
+ <th valign="top">Vim version</th>
+ <th valign="top">user</th>
+ <th valign="top">release notes</th>
+</tr>
+<tr>
+ <td class="rowodd" valign="top" nowrap><a href="download_script.php?src_id=8598">securemodelines.vim</a></td>
+ <td class="rowodd" valign="top" nowrap><b>20080424</b></td>
+ <td class="rowodd" valign="top" nowrap><i>2008-04-24</i></td>
+ <td class="rowodd" valign="top" nowrap>7.0</td>
+ <td class="rowodd" valign="top"><i><a href="/account/profile.php?user_id=4078">Ciaran McCreesh</a></i></td>
+ <td class="rowodd" valign="top" width="2000">Two tweaks, thanks to Christian J. Robinson: Make the messages it echoes end up in the :messages history. Modelines of the format "vim: set ...:" can also be be "vim:set ...:".</td>
+</tr>
+<tr>
+ <td class="roweven" valign="top" nowrap><a href="download_script.php?src_id=7142">securemodelines.vim</a></td>
+ <td class="roweven" valign="top" nowrap><b>20070518</b></td>
+ <td class="roweven" valign="top" nowrap><i>2007-05-18</i></td>
+ <td class="roweven" valign="top" nowrap>7.0</td>
+ <td class="roweven" valign="top"><i><a href="/account/profile.php?user_id=4078">Ciaran McCreesh</a></i></td>
+ <td class="roweven" valign="top" width="2000">The number of lines to search is now controllable via let g:secure_modelines_modelines=5. If g:secure_modelines_leave_modeline is defined, the internal &modeline variable will be left alone. Previously only one line at the end of the document would be searched for modelines. This is now fixed, thanks to Thomas de Grenier de Latour. The <SID>DoModelines function can now be accessed externally via SecureModelines_DoModelines.</td>
+</tr>
+<tr>
+ <td class="rowodd" valign="top" nowrap><a href="download_script.php?src_id=7104">securemodelines.vim</a></td>
+ <td class="rowodd" valign="top" nowrap><b>20070513</b></td>
+ <td class="rowodd" valign="top" nowrap><i>2007-05-13</i></td>
+ <td class="rowodd" valign="top" nowrap>7.0</td>
+ <td class="rowodd" valign="top"><i><a href="/account/profile.php?user_id=4078">Ciaran McCreesh</a></i></td>
+ <td class="rowodd" valign="top" width="2000">Modelines with no set: are now parsed correctly. rightleft is now included in the default allowed options, for help files. Builtin modelines are now forcibly disabled.
<br></td>
+</tr>
+<tr>
+ <td class="roweven" valign="top" nowrap><a href="download_script.php?src_id=7038">securemodelines.vim</a></td>
+ <td class="roweven" valign="top" nowrap><b>20070409</b></td>
+ <td class="roweven" valign="top" nowrap><i>2007-04-29</i></td>
+ <td class="roweven" valign="top" nowrap>7.0</td>
+ <td class="roweven" valign="top"><i><a href="/account/profile.php?user_id=4078">Ciaran McCreesh</a></i></td>
+ <td class="roweven" valign="top" width="2000">Initial upload</td>
+</tr>
+</table>
+<!-- finish off the framework -->
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+
+<!-- END OF THE PAGE BODY: BETWEEN HEADER AND FOOTER -->
+
+<table width="100%" cellpadding="0" cellspacing="0" border="0" bordercolor="red">
+ <tr><td colspan="4"><img src="/images/spacer.gif" width="1" height="5" alt=""></td></tr>
+ <tr><td colspan="4" bgcolor="#000000"><img src="/images/spacer.gif" height="2" width="1" alt=""></td></tr>
+ <tr><td colspan="4"><img src="/images/spacer.gif" width="1" height="5" alt=""></td></tr>
+ <tr>
+ <td><img src="/images/spacer.gif" width="5" height="1" alt=""></td>
+
+ <td align="left" valign="top"><small>
+ If you have questions or remarks about this site, visit the
+ <a href="http://vimonline.sf.net">vimonline development</a> pages.
+ Please use this site responsibly.
+ <br>
+
+ Questions about <a href="http://www.vim.org/about.php">Vim</a> should go
+ to the <a href="http://www.vim.org/maillist.php">maillist</a>.
+ Help Bram <a href="http://iccf-holland.org/">help Uganda</a>.
+ </small>
+
+
+
+ <!-- Start of StatCounter Code -->
+ <script type="text/javascript" language="javascript">
+ var sc_project=1417324;
+ var sc_invisible=1;
+ var sc_partition=11;
+ var sc_security="d41633bc";
+ </script>
+
+ <script type="text/javascript" language="javascript" src="http://www.statcounter.com/counter/counter.js"></script><noscript><a href="http://www.statcounter.com/" target="_blank"><img src="http://c12.statcounter.com/counter.php?sc_project=1417324&java=0&security=d41633bc&invisible=0" alt="free tracking" border="0"></a> </noscript>
+ <!-- End of StatCounter Code -->
+ </td>
+
+ <td align="right" valign="top">
+ <a href="http://sourceforge.net" rel="nofollow"><img src="http://sflogo.sourceforge.net/sflogo.php?group_id=8&type=1" width="88" height="31" border="0" alt="SourceForge.net Logo" /></a>
+ </td>
+
+ <td><img src="/images/spacer.gif" width="5" height="1" alt=""></td>
+ </tr>
+
+
+ <tr><td colspan="4"><img src="/images/spacer.gif" width="1" height="5" alt=""></td>
+
+ </tr>
+</table>
+
+</body>
+</html>
+
Added: trunk/packages/vim-scripts/plugin/securemodelines.vim
URL: http://svn.debian.org/wsvn/pkg-vim/trunk/packages/vim-scripts/plugin/securemodelines.vim?rev=1280&op=file
==============================================================================
--- trunk/packages/vim-scripts/plugin/securemodelines.vim (added)
+++ trunk/packages/vim-scripts/plugin/securemodelines.vim Thu Jul 24 00:43:37 2008
@@ -1,0 +1,149 @@
+" vim: set sw=4 sts=4 et ft=vim :
+" Script: securemodelines.vim
+" Version: 20070518
+" Author: Ciaran McCreesh <ciaranm at ciaranm.org>
+" Homepage: http://ciaranm.org/tag/securemodelines
+" Requires: Vim 7
+" License: Redistribute under the same terms as Vim itself
+" Purpose: A secure alternative to modelines
+
+if &compatible || v:version < 700
+ finish
+endif
+
+if (! exists("g:secure_modelines_allowed_items"))
+ let g:secure_modelines_allowed_items = [
+ \ "textwidth", "tw",
+ \ "softtabstop", "sts",
+ \ "tabstop", "ts",
+ \ "shiftwidth", "sw",
+ \ "expandtab", "et", "noexpandtab", "noet",
+ \ "filetype", "ft",
+ \ "foldmethod", "fdm",
+ \ "readonly", "ro", "noreadonly", "noro",
+ \ "rightleft", "rl", "norightleft", "norl",
+ \ "spell",
+ \ "spelllang"
+ \ ]
+endif
+
+if (! exists("g:secure_modelines_verbose"))
+ let g:secure_modelines_verbose = 0
+endif
+
+if (! exists("g:secure_modelines_modelines"))
+ let g:secure_modelines_modelines=5
+endif
+
+if (! exists("g:secure_modelines_leave_modeline"))
+ if &modeline
+ set nomodeline
+ if g:secure_modelines_verbose
+ echohl WarningMsg
+ echomsg "Forcibly disabling internal modelines for securemodelines.vim"
+ echohl None
+ endif
+ endif
+endif
+
+fun! <SID>IsInList(list, i) abort
+ for l:item in a:list
+ if a:i == l:item
+ return 1
+ endif
+ endfor
+ return 0
+endfun
+
+fun! <SID>DoOne(item) abort
+ let l:matches = matchlist(a:item, '^\([a-z]\+\)\%(=[a-zA-Z0-9_\-.]\+\)\?$')
+ if len(l:matches) > 0
+ if <SID>IsInList(g:secure_modelines_allowed_items, l:matches[1])
+ exec "setlocal " . a:item
+ elseif g:secure_modelines_verbose
+ echohl WarningMsg
+ echomsg "Ignoring '" . a:item . "' in modeline"
+ echohl None
+ endif
+ endif
+endfun
+
+fun! <SID>DoNoSetModeline(line) abort
+ for l:item in split(a:line, '[ \t:]')
+ call <SID>DoOne(l:item)
+ endfor
+endfun
+
+fun! <SID>DoSetModeline(line) abort
+ for l:item in split(a:line)
+ call <SID>DoOne(l:item)
+ endfor
+endfun
+
+fun! <SID>CheckVersion(op, ver) abort
+ if a:op == "="
+ return v:version != a:ver
+ elseif a:op == "<"
+ return v:version < a:ver
+ elseif a:op == ">"
+ return v:version >= a:ver
+ else
+ return 0
+ endif
+endfun
+
+fun! <SID>DoModeline(line) abort
+ let l:matches = matchlist(a:line, '\%(\S\@<!\%(vi\|vim\([<>=]\?\)\([0-9]\+\)\?\)\|\sex\):\s*set\?\s\+\([^:]\+\):\S\@!')
+ if len(l:matches) > 0
+ let l:operator = ">"
+ if len(l:matches[1]) > 0
+ let l:operator = l:matches[1]
+ endif
+ if len(l:matches[2]) > 0
+ if <SID>CheckVersion(l:operator, l:matches[2]) ? 0 : 1
+ return
+ endif
+ endif
+ return <SID>DoSetModeline(l:matches[3])
+ endif
+
+ let l:matches = matchlist(a:line, '\%(\S\@<!\%(vi\|vim\([<>=]\?\)\([0-9]\+\)\?\)\|\sex\):\(.\+\)')
+ if len(l:matches) > 0
+ let l:operator = ">"
+ if len(l:matches[1]) > 0
+ let l:operator = l:matches[1]
+ endif
+ if len(l:matches[2]) > 0
+ if <SID>CheckVersion(l:operator, l:matches[2]) ? 0 : 1
+ return
+ endif
+ endif
+ return <SID>DoNoSetModeline(l:matches[3])
+ endif
+endfun
+
+fun! <SID>DoModelines() abort
+ if line("$") > g:secure_modelines_modelines
+ let l:lines={ }
+ call map(filter(getline(1, g:secure_modelines_modelines) +
+ \ getline(line("$") - g:secure_modelines_modelines, "$"),
+ \ 'v:val =~ ":"'), 'extend(l:lines, { v:val : 0 } )')
+ for l:line in keys(l:lines)
+ call <SID>DoModeline(l:line)
+ endfor
+ else
+ for l:line in getline(1, "$")
+ call <SID>DoModeline(l:line)
+ endfor
+ endif
+endfun
+
+fun! SecureModelines_DoModelines() abort
+ call <SID>DoModelines()
+endfun
+
+aug SecureModeLines
+ au!
+ au BufRead * :call <SID>DoModelines()
+aug END
+
More information about the pkg-vim-maintainers
mailing list