This commit prevents specially crafted modelines from making the
editor execute arbitrary Kakoune commands.
By using a tabulation character as a separator, commands can be
injected in the value of the options listed in the modeline. For
example:
# kak: tabstop=2;set-option buffer pwned yes
Fixes#3735.
This commit addresses an off-by-one error that selected `modelines`+1
lines when looking for modelines in a buffer.
Note that setting `modelines` to 0 will still select one line.
Fixes#3733.
This adds two things I forgot in
9a7d8df4 (Avoid accidentally using environment variables in sh scopes)
Mea culpa, the problem was that I was skipping matches with "filetype"
because that's usually just a hook parameter as in "WinSetOption filetype=.."
rg --pcre2 '\b(?!filetype=)\w+=' rc/
So I missed these two cases where a shell variable is actually called "filetype".
The one in git.kak was not a problem because show_git_cmd_output is only
ever called with sane inputs. However, file.kak does use the filetype
environment variable for many mime types, for example:
filetype=somefiletype\''; echo -debug injection; nop '\' kak /dev/null
Will run the echo since /dev/null has mime type "inode/chardevice"
Similarly to the <semicolon> key, make it easier to write
`:execute-keys` commands by replacing <percent> with `%`.
Highlighters can keep escaping the sign when regular expressions are
not quoted, but built-in scripts that use `%` as an editing primitive
have been modified to use the named key, for clarity.
The -i flag on Mac OS means:
჻ man file | grep -i -- -i
-i If the file is a regular file, do not classify its contents.
The --mime-type option is (mostly) portable:
- Linux uses --mime-type
- macOS uses --mime-type
- FreeBSD uses --mime-type
- NetBSD uses --mime-type
- OpenBSD uses --mime-type and does not use the same implementation as everybody else
- Solaris does not support MIME types at all
Check if buffile is a full path by checking for the beginning
'/' character in editorconfig-load command. This avoids a parsing
error from feeding a *scratch*/*debug*/*grep*/etc. buffer name to the
editorcofig command. Don't clear editorconfig hooks until after checking
for a valid bufffile path. This way, opening the *debug* buffer will
not clear the hooks from a previously parsed .editorconfig file. If
trim_trailing_whitespace is true, print the hook directly from awk. This
removes the need to save a editorcofig_trim_trailing_whitespace option.
Note: Setting the max_line_length requires a window to be created.
Therefore, a global hook to load .editorconfig settings should be:
hook global WinCreate .* %{editorconfig-load}
