fish_config: Pass filenames as arguments

This injected filenames into fish script, which could inject things
that looked like fish script.

E.g. create a file called `~/.config/fish/themes/"; rm -rf ~/*"`.

Note that the prompts are all shipped by us, but the themes can
technically be added by the user, and they might not be diligent about
which filenames they allow.
Fabian Homborg 2021-07-16 17:28:40 +02:00
parent f345464879
commit 405a03bfae


@ -60,13 +60,13 @@ function fish_config --description "Launch fish's web based configuration"
end
set -l promptname (string replace -r '.*/([^/]*).fish$' '$1' $p)
echo -s (set_color --underline) $promptname (set_color normal)
$fish -c "functions -e fish_right_prompt; source $p;
$fish -c 'functions -e fish_right_prompt; source $argv[1];
false
fish_prompt
echo (set_color normal)
if functions -q fish_right_prompt;
echo right prompt: (false; fish_right_prompt)
end"
end' $p
echo
end
case list ''
@ -191,10 +191,10 @@ function fish_config --description "Launch fish's web based configuration"
# Use a new, --no-config, fish to display the theme.
# So we can use this function, explicitly source it before anything else!
functions fish_config | $fish -C "source -" --no-config -c "
fish_config theme choose '$themename'
fish_config theme demo '$themename'
"
functions fish_config | $fish -C "source -" --no-config -c '
fish_config theme choose $argv
fish_config theme demo $argv
' $themename
end
case choose save
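Review bot: `$themename` is now passed as a bare positional argument after the `-c` script in the second hunk, so a theme name that begins with `-` would be read by the child fish as one of its own options instead of arriving in `$argv`. The commit message already treats theme filenames as user-controlled, so end option parsing explicitly with `' -- $themename` (this assumes the child's option parser honours `--`, which should be confirmed). Indexing as the first hunk does, `fish_config theme choose $argv[1]`, would also keep each call to a single argument if `$themename` ever holds more than one element. Where `$themename` and `$p` are assigned is outside both hunks, so whether `$p` always carries a directory prefix cannot be checked from here.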