startup: allow reading nanorc in restricted mode, to permit customization

Move the unsetting of some options further down, to prevent the user's nanorc enabling things that are not permitted in restricted mode. Also, in restricted mode, suppress error messages about functions not being present in the requested menus, so that a nanorc that is valid in normal mode does not cause unnecessary messages when using --restricted. This fulfills https://savannah.gnu.org/bugs/?54732. Requested-by: Mark Webb-Johnson <mark@webb-johnson.net>
2018-09-26 21:20:18 +02:00 · 2018-09-26 21:20:18 +02:00 · 5ca444e5df
parent d245b07c25
commit 5ca444e5df
2 changed files with 15 additions and 15 deletions
--- a/src/nano.c
+++ b/src/nano.c
@ -2311,19 +2311,6 @@ int main(int argc, char **argv)
 		}
 	}

-	/* If we're using restricted mode, disable suspending, backups,
-	 * rcfiles, and history files, since they all would allow reading
-	 * from or writing to files not specified on the command line. */
-	if (ISSET(RESTRICTED)) {
-		UNSET(SUSPEND);
-		UNSET(BACKUP_FILE);
-#ifdef ENABLE_NANORC
-		no_rcfiles = TRUE;
-		UNSET(HISTORYLOG);
-		UNSET(POS_HISTORY);
-#endif
-	}
-
 	/* Set up the function and shortcut lists.  This needs to be done
 	 * before reading the rcfile, to be able to rebind/unbind keys. */
 	shortcut_init();
@ -2376,7 +2363,7 @@ int main(int argc, char **argv)

 		/* If the backed-up command-line options have a value, restore them. */
 #ifdef ENABLE_OPERATINGDIR
-		if (operating_dir_cpy != NULL) {
+		if (operating_dir_cpy != NULL || ISSET(RESTRICTED)) {
 			free(operating_dir);
 			operating_dir = operating_dir_cpy;
 		}
@ -2433,6 +2420,17 @@ int main(int argc, char **argv)
 	if (ISSET(BOLD_TEXT))
 		hilite_attribute = A_BOLD;

+	/* When in restricted mode, disable backups, suspending, and history files,
+	 * since they allow writing to files not specified on the command line. */
+	if (ISSET(RESTRICTED)) {
+		UNSET(BACKUP_FILE);
+		UNSET(SUSPEND);
+#ifdef ENABLE_NANORC
+		UNSET(HISTORYLOG);
+		UNSET(POS_HISTORY);
+#endif
+	}
+
 #ifdef ENABLE_HISTORIES
 	/* Initialize the pointers for the Search/Replace/Execute histories. */
 	history_init();
--- a/src/rcfile.c
+++ b/src/rcfile.c
@ -451,7 +451,9 @@ void parse_binding(char *ptr, bool dobind)
 		menu = menu & (is_universal(newsc->func) ? MMOST : mask);

 		if (!menu) {
-			rcfile_error(N_("Function '%s' does not exist in menu '%s'"), funcptr, menuptr);
+			if (!ISSET(RESTRICTED))
+				rcfile_error(N_("Function '%s' does not exist in menu '%s'"),
+									funcptr, menuptr);
 			goto free_things;
 		}