Problem: Cannot handle mouse clicks in the statusline
Solution: Add the %[FuncName] statusline item to define clickable
regions with a callback function. (Yasuhiro Matsumoto)
closes: #19841
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: MS-Windows: No OpenType font support
Solution: Allow specifying OpenType font features directly in 'guifont'
(Yasuhiro Matsumoto).
Allow specifying OpenType font features directly in 'guifont' using
the ':f' option (e.g., :set guifont=Cascadia_Code:h14:fss19=1:fcalt=0).
Each ':fXXXX=N' sets a single OpenType feature tag with a parameter
value. Multiple features can be specified by repeating the ':f' option.
This only takes effect when 'renderoptions' is set to use DirectWrite
(type:directx). Default features (calt, liga, clig, rlig, kern) are
preserved unless explicitly overridden.
closes: #19857
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: [security]: The netbeans defineAnnoType command passes typeName, fg and bg
unsanitized to coloncmd(), allowing a malicious server to inject
arbitrary Ex commands via '|'. Similarly, specialKeys does not
validate key tokens before building a map command.
Solution: Validate typeName, fg and bg against an allowlist of safe
characters before passing them to coloncmd()
Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-mr87-rhgv-7pw6
Supported by AI
Signed-off-by: Christian Brabandt <cb@256bit.org>
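The allowlist check described in the defineAnnoType commit above, as an added example that is not Vim's own code. The function names, the exact set of allowed characters and the `highlight NB_...` command format are assumptions made for illustration; the commit message does not list them.

```c
#include <stdio.h>
#include <string.h>

/* Assumed allowlist (not taken from the commit): ASCII letters, digits and
 * '_', plus any characters passed in `extra`.  Empty tokens are rejected. */
static int is_safe_token(const char *s, const char *extra)
{
    if (s == NULL || *s == '\0')
        return 0;
    for (; *s != '\0'; s++) {
        char c = *s;
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
              || (c >= '0' && c <= '9') || c == '_'
              || strchr(extra, c) != NULL;
        if (!ok)
            return 0;   /* '|', space, newline, quotes ... all end up here */
    }
    return 1;
}

/* Build the Ex command only after every server-supplied field has passed
 * the allowlist.  Returns 0 on success, -1 when a field is rejected or the
 * command does not fit in `out`.  The command format is illustrative. */
int build_anno_cmd(char *out, size_t outlen,
                   const char *type_name, const char *fg, const char *bg)
{
    if (!is_safe_token(type_name, "") || !is_safe_token(fg, "#")
            || !is_safe_token(bg, "#"))
        return -1;
    int n = snprintf(out, outlen, "highlight NB_%s guifg=%s guibg=%s",
                     type_name, fg, bg);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char cmd[128];
    /* Constructed sample inputs: one benign, one carrying a '|' separator. */
    const char *names[] = { "Error", "Err|echo 1" };
    for (int i = 0; i < 2; i++) {
        if (build_anno_cmd(cmd, sizeof cmd, names[i], "#ff0000", "Red") == 0)
            printf("accepted: %s\n", cmd);
        else
            printf("rejected typeName: %s\n", names[i]);
    }
    return 0;
}
```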
Problem: channel: can bind to all network interfaces in ch_listen()
(after v9.2.0153)
Solution: Restrict to a valid hostname, do not allow binding to all
network interfaces (Zdenek Dohnal).
This will prevent unintentionally binding the process to public network
interfaces, and opening Vim to communication from an outside network if
the firewall allows it.
related: #19231
closes: #19799
Signed-off-by: Zdenek Dohnal <zdohnal@redhat.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: mismatch between return types and documentation
Solution: Fix documentation, update f_err_teapot() return type to void
(Hirohito Higashi)
- Fix summary table in builtin.txt: feedkeys, foreground, setcharsearch,
term_wait, test_void, wildtrigger, ch_sendraw from non-none to none;
listener_remove and prop_add from none to Number
- Fix err_teapot in evalfunc.c: ret_number_bool to ret_void
- Fix "Return type:" in detailed doc sections (64 functions across builtin.txt,
channel.txt, terminal.txt, popup.txt, testing.txt, textprop.txt) from wrong
types to void
- Add missing "Return type: void" for prompt_setcallback and prop_add_list
closes: #19922
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Vim9: void function return value inconsistent between
script and :def
Solution: Make void built-in functions like bufload() return void
consistently (Hirohito Higashi)
In Vim9 script, calling a void built-in function (e.g. bufload()) at the
script level did not set rettv to VAR_VOID, making it appear to return
0. Inside :def it correctly returned VAR_VOID and raised E1031. Set
rettv to VAR_VOID after calling a ret_void built-in function in Vim9
script so the behavior is consistent.
Also fix the documentation for bufload() and ch_logfile() to correctly
state that the return type is void.
closes: #19919
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: The vimball plugin needs some love
(syndicate)
Solution: Clean-up, refactor and update the plugin,
in particular, catch path traversal attacks
This change does the following
- Clean up Indentation and remove calls to Decho
- Increase minimum Vim version to 7.4 for mkdir()
- Use mkdir() consistently
- Update Metadata Header
- Remove check for fnameescape()
- Catch path traversal attacks
- Add vimball basic tests
- Remove mentioning of g:vimball_mkdir in documentation
closes: #19921
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: runtime(zip): may write using absolute paths
(syndicate)
Solution: Detect this case and abort on Unix, warn in the documentation
about possible issues
Signed-off-by: Christian Brabandt <cb@256bit.org>
- Don't go over 78 columns.
- Change the first "and" to "or", as "or" is used below.
- Change "takes one" to "switches", as "one" may be mistaken as
referring to the command instead of the user.
- Use backticks in :h 'autowriteall' like in :h 'autowrite'.
closes: #19859
Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Explain how stdin/stdout/stderr are connected in term_start():
- On Unix, they default to pty; only "err_cb" switches stderr to a pipe,
which may cause output order differences due to buffering.
- On MS-Windows with ConPTY, they are always pipes and stdout/stderr
share the same pipe, so "err_cb" cannot separate them.
related: #16354
Co-authored-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: system() and systemlist() only accept a String, requiring
manual shell escaping for arguments with special characters.
Solution: Accept a List as the first argument and execute the command
bypassing the shell (Yasuhiro Matsumoto).
fixes: #19789
closes: #19791
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: json_decode() accepted keywords case-insensitively, violating
RFC 7159. Both json_decode() and js_decode() silently accepted
lone surrogates, which are invalid Unicode.
Solution: Only allow lowercase keyword in json_decode(), reject lone
surrogates, improve encoding performance in write_string() and
blob byte serialization.
1. Fix surrogate pair range check (0xDFFF -> 0xDBFF) so only high
surrogates trigger pair decoding. Reject lone surrogates that do
not form a valid pair instead of producing invalid UTF-8.
2. Use case-sensitive matching for JSON keywords (true, false, null,
NaN, Infinity) in json_decode() per RFC 7159. js_decode() retains
case-insensitive behavior.
3. Replace double ga_append() calls for escape sequences with single
GA_CONCAT_LITERAL() calls, halving function call and buffer growth
check overhead.
4. Replace vim_snprintf_safelen() for blob byte encoding (0-255) with
direct digit conversion.
closes: #19807
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
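Item 1 of the json_decode() commit above (the 0xDFFF -> 0xDBFF range fix and the rejection of lone surrogates), shown as an added example that is not Vim's own code. The function names `hex4` and `decode_u_escape` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Parse exactly four hex digits at s; return the value, or -1 if any of
 * the four characters is not a hex digit (this also stops at a NUL). */
static long hex4(const char *s)
{
    long v = 0;
    for (int i = 0; i < 4; i++) {
        char c = s[i];
        int d;
        if (c >= '0' && c <= '9')      d = c - '0';
        else if (c >= 'a' && c <= 'f') d = c - 'a' + 10;
        else if (c >= 'A' && c <= 'F') d = c - 'A' + 10;
        else return -1;
        v = v * 16 + d;
    }
    return v;
}

/* Decode one JSON "\uXXXX" escape at s, or two of them when they form a
 * surrogate pair.  Stores the code point in *cp and returns the number of
 * bytes consumed (6 or 12); returns 0 for malformed input and for lone
 * surrogates, which cannot be encoded as valid UTF-8. */
size_t decode_u_escape(const char *s, uint32_t *cp)
{
    if (s[0] != '\\' || s[1] != 'u')
        return 0;
    long hi = hex4(s + 2);
    if (hi < 0)
        return 0;
    if (hi >= 0xDC00 && hi <= 0xDFFF)       /* low surrogate with no lead */
        return 0;
    if (hi >= 0xD800 && hi <= 0xDBFF) {     /* upper bound 0xDBFF, not 0xDFFF */
        if (s[6] != '\\' || s[7] != 'u')
            return 0;                       /* high surrogate with no trail */
        long lo = hex4(s + 8);
        if (lo < 0xDC00 || lo > 0xDFFF)
            return 0;
        *cp = 0x10000 + (((uint32_t)hi - 0xD800) << 10)
                      + ((uint32_t)lo - 0xDC00);
        return 12;
    }
    *cp = (uint32_t)hi;
    return 6;
}

int main(void)
{
    uint32_t cp = 0;
    size_t n = decode_u_escape("\\uD83D\\uDE00", &cp);  /* constructed input */
    printf("consumed=%zu cp=U+%X\n", n, (unsigned)cp);
    return 0;
}
```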
Problem: stack-overflow with deeply nested data in json_encode/decode()
(ZyX-I)
Solution: Add depth limit check using 'maxfuncdepth' to
json_encode_item() and json_decode_item() to avoid crash when
encoding/decoding deeply nested lists, dicts, or JSON arrays/objects,
fix typo in error name, add tests (Yasuhiro Matsumoto).
fixes: #588
closes: #19808
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Option handling for key:value suboptions is limited
Solution: Improve :set+=, :set-= and :set^= for options that use
"key:value" pairs (Hirohito Higashi)
For comma-separated options with P_COLON (e.g., diffopt, listchars,
fillchars), :set += -= ^= now processes each comma-separated item
individually instead of treating the whole value as a single string.
For :set += and :set ^=:
- A "key:value" item where the key already exists with a different value:
the old item is replaced.
- An exact duplicate item is left unchanged.
- A new item is appended (+=) or prepended (^=).
For :set -=:
- A "key:value" or "key:" item removes by key match regardless of value.
- A non-colon item removes by exact match.
This also handles multiple non-colon items (e.g., :set
diffopt-=filler,internal) by processing each item individually, making
the behavior order-independent.
Previously, :set += simply appended the value, causing duplicate keys to
accumulate.
fixes: #18495
closes: #19783
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: tests: Test_xxd tests are failing, after changing the xxd
manpage (after v9.2.0205)
Solution: Update the manpage, shorten the date and update the example,
regenerate the expected test output, skip the first 30 bytes
for one of the xxd tests (Muraoka Taro)
Some of the Test_xxd tests depend on the contents of xxd.1. The patch
9.2.0205 changed xxd.1, but the test fixes were insufficient. The test
that dumps the beginning of xxd.1 and the test that reads 13 bytes
starting from byte 0x33 from the beginning were failing.
closes: #19763
Co-authored-by: James McCoy <jamessan@debian.org>
Signed-off-by: Muraoka Taro <koron.kaoriya@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: xxd: Cannot NUL terminate the C include file style
Solution: Add option -t to end output with terminating null
(Lukáš Jiřiště).
fixes: #14409
closes: #19745
Signed-off-by: Lukáš Jiřiště <kyci@ljiriste.work>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: cscope: can escape from restricted mode (pyllyukko)
Solution: Disallow :cscope in restricted mode (like :grep),
add tests for restricted mode using :grep and :cscope
closes: #19731
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: textprop: negative IDs can cause a crash without "text"
(Paul Ollis)
Solution: Strictly reserve negative IDs for virtual text, ignore "id"
when "text" is provided in prop_add() (Hirohito Higashi).
When prop_add() was called with a negative id and no "text", the
property was stored with a negative tp_id. A subsequent call to
prop_list() or screen redraw would then treat it as a virtual text
property and dereference b_textprop_text.ga_data, which is NULL when
no virtual text properties exist.
Negative ids are reserved for virtual text properties, so always
reject them with E1293 regardless of whether virtual text properties
exist. Also, when "text" is specified any user-provided id is now
silently ignored and an internal negative id is assigned.
Remove the now-unnecessary did_use_negative_pop_id flag and E1339.
Update E1293's message and the documentation accordingly.
related: #19684
closes: #19741
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: The "android" and "termux" feature flags have been shipped in
Termux's downstream vim / vim-gtk package for 5+ years but were
never properly documented in the downstream patch.
Solution: Upstream the "android" and "termux" feature flags into Vim as
decoupled feature flags, this enables the "android" feature in
particular to be available independently of the "termux"
feature for builds of Vim against the Android NDK, but not
including the Termux NDK patchset.
closes: #19623
Co-authored-by: Lethal Lisa <43791059+lethal-lisa@users.noreply.github.com>
Co-authored-by: shadmansaleh <13149513+shadmansaleh@users.noreply.github.com>
Signed-off-by: TomIO <tom@termux.dev>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: When 'diffopt' does not include "internal", Vim attempts to
execute an external diff command even in restricted mode.
This could be used to bypass restricted mode.
Solution: Call check_restricted() in diff_file() before attempting to
execute an external diff (pyllyukko).
closes: #19696
Signed-off-by: pyllyukko <pyllyukko@maimed.org>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: When using 'diffopt=inline:word', lines were excessively
fragmented with punctuation creating separate highlight
blocks, making it harder to read the diffs.
Solution: Added 'diff_refine_inline_word_highlight()' to merge
adjacent diff blocks that are separated by small gaps of
non-word characters (up to 5 bytes by default) (HarshK97).
When using inline:word diff mode, adjacent changed words separated by
punctuation or whitespace are now merged into a single highlight block
if the gap between them contains fewer than 5 non-word characters.
This creates more readable diffs and closely matches GitHub's own diff
display.
closes: #19098
Signed-off-by: HarshK97 <harshkapse1234@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
When system() or systemlist() is called without :silent from a
statusline expression, autocommand, or timer callback, the terminal
is temporarily set to cooked mode, which re-enables ECHO on the tty.
If a terminal response (e.g. DECRPM for cursor blink mode) arrives
during this window, the tty driver echoes it to the screen, leaving
stray characters that require CTRL-L to remove.
This behavior was intentionally addressed in patch 7.4.427 by
skipping cooked mode when :silent is prepended. However, the
documentation only mentioned this for system() and did not cover
systemlist() at all. The guidance to use :silent in non-interactive
contexts (statusline, autocommands, timers) was also not explicit.
closes: #19691
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Vim can only act as a channel client (ch_open). There is
no way for an external process to initiate a connection
to a running Vim instance using the Channel API.
Solution: Implement ch_listen() and the underlying server-side
socket logic. This allows Vim to listen on a port or
Unix domain socket. When a client connects, a new
channel is automatically created and passed to a
user-defined callback (Yasuhiro Matsumoto).
closes: #19231
Co-authored-by: Christian Brabandt <cb@256bit.org>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Problem: 'statuslineopt' is a global only option and configuring the
line height is limited.
Solution: Make 'statuslineopt' global-local to a window and allow
configuring a fixed-height statusline per window
(Hirohito Higashi).
closes: #19622
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: termdebug :Break does not support `thread` and `if` arguments
Solution: extend :Break and :Tbreak to accept optional location, thread
{nr}, and if {expr} arguments (Yinzuo Jiang).
closes: #19613
Signed-off-by: Yinzuo Jiang <jiangyinzuo@foxmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>