From e4ca1656f6bd08a9348a403f8e63b4bffb02bfc2 Mon Sep 17 00:00:00 2001
From: "Justin M. Keyes" <justinkz@gmail.com>
Date: Wed, 29 May 2019 00:33:22 +0200
Subject: [PATCH 6/9] vim-patch:8.1.1365: :source should check sandbox #10082

Problem:    Source command doesn't check for the sandbox. (Armin Razmjou)
Solution:   Check for the sandbox when sourcing a file.
https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040

(cherry picked from commit 4553fc5e6cb6c8c43f57c173d01b31a61e51d13f)

Signed-off-by: James McCoy <jamessan@debian.org>
---
 src/nvim/getchar.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/nvim/getchar.c b/src/nvim/getchar.c
index ab52ee037..a74f6f3fc 100644
--- a/src/nvim/getchar.c
+++ b/src/nvim/getchar.c
@@ -1236,6 +1236,13 @@ openscript (
     EMSG(_(e_nesting));
     return;
   }
+
+  // Disallow sourcing a file in the sandbox, the commands would be executed
+  // later, possibly outside of the sandbox.
+  if (check_secure()) {
+    return;
+  }
+
   if (ignore_script)
     /* Not reading from script, also don't open one.  Warning message? */
     return;