From 5ec772a6c389958cf831e5cf4ebe25aebb6b8d8e Mon Sep 17 00:00:00 2001
From: Bram Moolenaar
Date: Wed, 22 May 2019 22:38:25 +0200
Subject: [PATCH] patch 8.1.1365: source command doesn't check for the sandbox

Problem: Source command doesn't check for the sandbox. (Armin Razmjou)
Solution: Check for the sandbox when sourcing a file.
---
 src/getchar.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/getchar.c b/src/getchar.c
index 679eae1..8c4b2b4 100644
--- a/src/getchar.c
+++ b/src/getchar.c
@@ -1433,6 +1433,12 @@ openscript(
 EMSG(_(e_nesting));
 return;
 }
+
+ // Disallow sourcing a file in the sandbox, the commands would be executed
+ // later, possibly outside of the sandbox.
+ if (check_secure())
+ return;
+
 #ifdef FEAT_EVAL
 if (ignore_script)
 /* Not reading from script, also don't open one. Warning message? */
-- 
1.8.3.1
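Review bot: The new `check_secure()` guard in openscript() ships without a regression test: the diffstat lists only src/getchar.c, so nothing would catch a later refactor that drops the check or moves the file open above it. A script test that sources a file under `:sandbox` and asserts the command is rejected would pin the behaviour, for example `call assert_fails('sandbox source! Xfile', 'E48:')`, where `Xfile` is a constructed name and the error code should be confirmed against check_secure(). The added branch also returns without an EMSG of its own, unlike the nesting check just above it, so it presumably relies on check_secure() to report the error; ending the comment with `// check_secure() gives the error message.` would make that explicit. openscript() starts and ends outside the hunk, so whether other paths that queue commands for later execution need the same guard cannot be judged from here.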