patch 8.0.1647: terminal API may call any user function

Problem:    Terminal API may call a function not meant to be called by this
            API.
Solution:   Require the function to start with Tapi_.

runtime/doc/terminal.txt

@@ -423,20 +423,26 @@ Currently supported commands:

	call {funcname} {argument}

		Call a user defined function with [argument].  The function is
		called with the buffer number of the terminal and the decoded
		argument.  The user function must sanity check the argument.
		Call a user defined function with {argument}.
		The function is called with two arguments: the buffer number
		of the terminal and {argument}, the decoded JSON argument. 
		The function name must start with "Tapi_" to avoid
		accidentally calling a function not meant to be used for the
		terminal API
		The user function should sanity check the argument.
		The function can use |term_sendkeys()| to send back a reply.
		Example in JSON: >
			["call", "Impression", ["play", 14]]
			["call", "Tapi_Impression", ["play", 14]]
<		Calls a function defined like this: >
			function Impression(bufnum, arglist)
			function Tapi_Impression(bufnum, arglist)
			  if len(a:arglist) == 2
			    echo "impression " . a:arglist[0]
			    echo "count " . a:arglist[1]
			    echomsg "impression " . a:arglist[0]
			    echomsg "count " . a:arglist[1]
			  endif
			endfunc
<
<		Output from `:echo` may be erased by a redraw, use `:echomsg`
		to be able to see it with `:messages`.

	drop {filename}

		Let Vim open a file, like the `:drop` command.  If {filename}
@@ -447,7 +453,7 @@ Currently supported commands:

A trick to have Vim send this escape sequence: >
	exe "set t_ts=\<Esc>]51; t_fs=\x07"
	let &titlestring = '["call","TryThis",["hello",123]]'
	let &titlestring = '["call","Tapi_TryThis",["hello",123]]'
	redraw
	set t_ts& t_fs&

src/terminal.c

@@ -3193,7 +3193,7 @@ handle_call_command(term_T *term, channel_T *channel, listitem_T *item)
    }
    func = get_tv_string(&item->li_tv);

    if (!ASCII_ISUPPER(*func))
    if (STRNCMP(func, "Tapi_", 5) != 0)
    {
	ch_log(channel, "Invalid function name: %s", func);
	return;

src/testdir/test_terminal.vim

@@ -1072,24 +1072,28 @@ func Test_terminal_api_drop_oldwin()
  bwipe Xtextfile
endfunc

func TryThis(bufnum, arg)
func Tapi_TryThis(bufnum, arg)
  let g:called_bufnum = a:bufnum
  let g:called_arg = a:arg
endfunc

func Test_terminal_api_call()
  if !CanRunVimInTerminal()
    return
  endif

func WriteApiCall(funcname)
  " Use the title termcap entries to output the escape sequence.
  call writefile([
	\ 'set title',
	\ 'exe "set t_ts=\<Esc>]51; t_fs=\x07"',
	\ 'let &titlestring = ''["call","TryThis",["hello",123]]''',
	\ 'let &titlestring = ''["call","' . a:funcname . '",["hello",123]]''',
	\ 'redraw',
	\ "set t_ts=",
	\ ], 'Xscript')
endfunc

func Test_terminal_api_call()
  if !CanRunVimInTerminal()
    return
  endif

  call WriteApiCall('Tapi_TryThis')
  let buf = RunVimInTerminal('-S Xscript', {})
  call WaitFor({-> exists('g:called_bufnum')})
  call assert_equal(buf, g:called_bufnum)
@@ -1100,3 +1104,19 @@ func Test_terminal_api_call()
  unlet g:called_bufnum
  unlet g:called_arg
endfunc

func Test_terminal_api_call_fails()
  if !CanRunVimInTerminal()
    return
  endif

  call WriteApiCall('TryThis')
  call ch_logfile('Xlog', 'w')
  let buf = RunVimInTerminal('-S Xscript', {})
  call WaitFor({-> string(readfile('Xlog')) =~ 'Invalid function name: TryThis'})

  call StopVimInTerminal(buf)
  call delete('Xscript')
  call ch_logfile('', '')
  call delete('Xlog')
endfunc

src/version.c

@@ -766,6 +766,8 @@ static char *(features[]) =

static int included_patches[] =
{   /* Add new patch number below this line */
/**/
    1647,
/**/
    1646,
/**/