Improve "g:NERDTreeQuickLook()"

The following improvements were made...

  - Use variable sigils
  - Shorten a local variable name
  - Prefer an early return over testing for a negative
  - Switch to single quotes
  - Call "shellescape()" to pass a command argument [IMPORTANT!]

The final change is a critical fix for the security and reliability
of this function (see ":h system()").

Similar fixes for the other functions in this script will follow.
lifecrisis 2020-04-08 19:01:01 -04:00
parent 832bbaa729
commit 56cfbcff1e
No known key found for this signature in database
GPG Key ID: 7D5830D97E07E220

@ -388,10 +388,13 @@ endfunction
" FUNCTION: NERDTreeQuickLook() {{{1
function! NERDTreeQuickLook()
let treenode = g:NERDTreeFileNode.GetSelected()
if treenode !=# {}
call system("qlmanage -p 2>/dev/null '" . treenode.path.str() . "'")
let l:node = g:NERDTreeFileNode.GetSelected()
if empty(l:node)
return
endif
call system('qlmanage -p 2>/dev/null ' . shellescape(l:node.path.str()))
endfunction
" FUNCTION: NERDTreeRevealInFinder() {{{1
@ -428,4 +431,3 @@ function! NERDTreeExecuteFileLinux()
endfunction
" vim: set sw=4 sts=4 et fdm=marker: