From 51a3885d8ca28a9a6107bfcd4d78fb8712fd6cae Mon Sep 17 00:00:00 2001
From: Johannes Altmanninger <aclopte@gmail.com>
Date: Mon, 13 Sep 2021 18:57:18 +0200
Subject: [PATCH] funced: avoid interpreting special characters in function
 name

Commit c3374ffd0 ("Use read --tokenize instead of eval for $BROWSER &
$EDITOR") converted uses of "eval" for environment variables to use the
safer "read -at", which performs word splitting but no other expansion.

funced contained a leftover instance of "eval". Remove it in favor
of using the editor command that was already word-split.
This means that we don't accidentally evaluate the file name.

(Also "set -gx EDITOR=~/my-editor" won't work anymore because the ~
is not expanded anymore but no one has complained about that behavior
in edit_command_buffer.)

Fixes #8289
---
 share/functions/funced.fish | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/share/functions/funced.fish b/share/functions/funced.fish
index c92332b15..1b8282dd2 100644
--- a/share/functions/funced.fish
+++ b/share/functions/funced.fish
@@ -101,7 +101,7 @@ function funced --description 'Edit function definition'
     while true
         set -l checksum (__funced_md5 "$tmpname")
 
-        if not eval $editor $tmpname
+        if not $editor_cmd $tmpname
             echo (_ "Editing failed or was cancelled")
         else
             # Verify the checksum (if present) to detect potential problems