Improve "g:NERDTreeQuickLook()"

The following improvements were made... - Use variable sigils - Shorten a local variable name - Prefer an early return over testing for a negative - Switch to single quotes - Call "shellescape()" to pass a command argument [IMPORTANT!] The final change is a critical fix for the security and reliability of this function (see ":h system()"). Similar fixes for the other functions in this script will follow.
lifecrisis · Apr 8, 2020 · 56cfbcf · 56cfbcf
1 parent 832bbaa
commit 56cfbcf
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/nerdtree_plugin/fs_menu.vim b/nerdtree_plugin/fs_menu.vim
@@ -388,10 +388,13 @@ endfunction
 
 " FUNCTION: NERDTreeQuickLook() {{{1
 function! NERDTreeQuickLook()
-    let treenode = g:NERDTreeFileNode.GetSelected()
-    if treenode !=# {}
-        call system("qlmanage -p 2>/dev/null '" . treenode.path.str() . "'")
+    let l:node = g:NERDTreeFileNode.GetSelected()
+
+    if empty(l:node)
+        return
     endif
+
+    call system('qlmanage -p 2>/dev/null ' . shellescape(l:node.path.str()))
 endfunction
 
 " FUNCTION: NERDTreeRevealInFinder() {{{1
@@ -428,4 +431,3 @@ function! NERDTreeExecuteFileLinux()
 endfunction
 
 " vim: set sw=4 sts=4 et fdm=marker:
-