vim-patch:7.4.1777

Problem:    Newly added features can escape the sandbox.
Solution:   Add checks for restricted and secure. (Yasuhiro Matsumoto)
3849992b16

timer_start is missing check_secure.

The timer callback can, for example, call a function defined from outside the sandbox that does
stuff that would be disallowed from inside the sandbox. This is usually not allowed.

Cherry-pick eval.txt change from:
68e6560b84

Required for v8.1.2013.

runtime/doc/eval.txt

@@ -10171,6 +10171,8 @@ timer_start({time}, {callback} [, {options}])
 				\ {'repeat': 3})
 <		This invokes MyHandler() three times at 500 msec intervals.
 
+		Not available in the |sandbox|.
+
 timer_stop({timer})					*timer_stop()*
 		Stop a timer.  The timer callback will no longer be invoked.
 		{timer} is an ID returned by timer_start(), thus it must be a

src/nvim/eval/funcs.c

@@ -11551,6 +11551,9 @@ static void f_timer_start(typval_T *argvars, typval_T *rettv, FunPtr fptr)
   dict_T *dict;
 
   rettv->vval.v_number = -1;
+  if (check_secure()) {
+    return;
+  }
 
   if (argvars[2].v_type != VAR_UNKNOWN) {
     if (argvars[2].v_type != VAR_DICT

test/functional/vimscript/timer_spec.lua

@@ -3,6 +3,7 @@ local Screen = require('test.functional.ui.screen')
 local feed, eq, eval, ok = helpers.feed, helpers.eq, helpers.eval, helpers.ok
 local source, nvim_async, run = helpers.source, helpers.nvim_async, helpers.run
 local clear, command, funcs = helpers.clear, helpers.command, helpers.funcs
+local exc_exec = helpers.exc_exec
 local curbufmeths = helpers.curbufmeths
 local load_adjust = helpers.load_adjust
 local retry = helpers.retry
@@ -262,4 +263,13 @@ describe('timers', function()
 
     eq(2, eval('g:val'))
   end)
+
+  it("timer_start can't be used in the sandbox", function()
+    source [[
+      function! Scary(timer) abort
+        call execute('echo ''execute() should be disallowed''', '')
+      endfunction
+    ]]
+    eq("Vim(call):E48: Not allowed in sandbox", exc_exec("sandbox call timer_start(0, 'Scary')"))
+  end)
 end)