mirror of https://github.com/ohmyzsh/ohmyzsh.git synced 2025-01-20 07:12:45 +08:00
Commit Graph

662 Commits

Author SHA1 Message Date
Marc Cornellà
ef3f7c43a9
fix: apply workaround patch for vcs_info (CVE-2021-45444)
This lib function applies a patch to the VCS_INFO_formats function
in zsh versions from v5.0.3 until v5.8, which don't quote % chars
in some arguments received. Normally that just means that some
% characters in these strings (branch names, directories, etc.)
will be incorrectly parsed as formatting sequences.

With CVE-2021-45444, however, this means that one of these strings
from a malicious source (e.g. a malicious git repository) can
trigger command injection and run arbitrary code in the user's
machine when visiting such git repository.

Zsh 5.8.1 fixes this vulnerability [1], but older vcs_info setups
still need a workaround such as this one to patch the vulnerability.

[1] c3ea1e5d52
2022-02-13 19:07:12 +01:00
Carlo Sala
0da33ca22b
fix(cli): disable GPG signing in omz pr test to avoid key prompt (#10677) 2022-02-10 11:50:04 +01:00
Marc Cornellà
e1a9d0ce3e
fix(cli): allow omz commands to be used in a script (#10645)
The commands `omz plugin {enable,disable}` and `omz theme set`
automatically reload the zsh session on success. With this
change, the CLI checks whether the commands are run in an
interactive session before reloading the zsh session.

This change also conditionally sets the completion function
for `omz` so that it's not done in a non-interactive session.
2022-02-02 23:02:23 +01:00
Marc Cornellà
f64cabc780
fix(cli): make sure to run zsh command if an alias exists (#9737)
Fixes #9737
2022-01-24 17:38:32 +01:00
Marc Cornellà
84931adcd4
fix: do not call chpwd hooks in subshells 2022-01-22 22:07:09 +01:00
Marc Cornellà
567bd59395
refactor(cli): use self-referencing in subcommand functions 2022-01-17 13:18:10 +01:00
Marc Cornellà
035c856c2c
fix: get branch name first in omz version and changelog 2022-01-13 17:46:09 +01:00
Marc Cornellà
a92ee838f3
fix(cli): follow symlinks in plugin or theme completions 2022-01-09 20:27:22 +01:00
Marc Cornellà
5b076eab9b
fix(lib): quote % in nvm_prompt_info 2022-01-03 13:50:50 +01:00
Marc Cornellà
304af0a577
fix(lib): quote % in git_remote_status 2022-01-03 13:50:50 +01:00
Marc Cornellà
8ae373130c
fix(cli): respect ZDOTDIR in plugin/theme change commands (#10520)
Fixes #10520
2021-12-21 17:01:56 +01:00
Marc Cornellà
4b4cc9a4a5
fix(cli): fix plugin and theme suggestions in completion for older zsh versions 2021-12-16 10:50:34 +01:00
Marc Cornellà
9a3d853481
fix: quote % characters in ruby prompt info functions 2021-12-13 17:43:32 +01:00
Marc Cornellà
428f815169
fix(lib): %-quote git prompt functions 2021-12-13 11:26:55 +01:00
Marc Cornellà
f0f792fa6b
feat(cli): add omz version command 2021-11-30 10:13:23 +01:00
Paul Scott
0314604384
fix(lib): don't error if INSIDE_EMACS is not defined (#10443) 2021-11-25 23:55:21 +01:00
Marc Cornellà
a263cdac9c
fix(lib): fix potential command injection in title and spectrum functions
The `title` function unsafely prints its input without sanitization, which, if used
with custom user code that calls it, could trigger command injection.

The `spectrum_ls` and `spectrum_bls` could similarly be exploited if a variable is
changed in the user's shell environment with a carefully crafted value. This is
highly unlikely to occur (and if possible, other methods would be used instead),
but with this change the exploit of these two functions is now impossible.
2021-11-11 22:45:11 +01:00
Marc Cornellà
6cb41b70a6
fix(lib): fix omz_urldecode unsafe eval bug
The `omz_urldecode` function uses an eval to decode the input which can be
exploited to inject commands. This is used only in the svn plugin and it
requires a complex process to exploit, so it is highly unlikely to have been
used by an attacker.
2021-11-11 22:44:18 +01:00
Marc Cornellà
1d166eaaa1
fix(cli): avoid git -C for compatibility with git < v1.8.5 (#10404) 2021-11-10 11:35:17 +01:00
Marc Cornellà
9a11b34101
fix(cli): fix check for completion files in omz plugin load 2021-11-09 12:03:59 +01:00
Kevin Burke
e86c6f5e7f
style: use -n flag in head and tail commands (#10391)
Co-authored-by: Marc Cornellà <hello@mcornella.com>
2021-11-09 09:04:10 +01:00
Richard Mitchell
bf88ff3f90
fix(lib): fix 1 alias to cd to directory 1 in stack (#10370) 2021-11-02 12:05:37 +01:00
Sina Tak Tehrani
1e5e834e0f
fix(cli): exit omz update with correct error code (#10342) 2021-10-25 20:28:22 +02:00
michael-yuji
f82aa81931
fix(lib): fix diff --color argument check for BSD systems (#10269) 2021-10-10 19:15:24 +02:00
Pooya Vahidi
07cdd7a539
fix(lib): fix status exit code check in git_prompt_status (#10275) 2021-10-09 12:02:49 +02:00
Marc Cornellà
b621eee21f
fix(cli): fix zsh array syntax for zsh 5.0.2 2021-10-05 11:58:39 +02:00
Monson Shao
be4a952972
feat(cli)!: add omz reload command and deprecate zsh_reload plugin (#9078)
BREAKING CHANGE: the `zsh_reload` plugin is deprecated. Instead of using its `src`
function, use `omz reload` or `exec zsh` to reload zsh after making changes to
your `.zshrc` file.

Closes #9078
2021-10-04 16:24:05 +02:00
Marc Cornellà
3c209b00d6
feat(cli): show current theme in omz theme list
Fixes #9540
2021-09-30 15:45:12 +02:00
Marc Cornellà
5f99eb5afd
fix(cli): get branch and tags from OMZ folder in omz changelog completion 2021-09-30 10:18:53 +02:00
Celestino Gomes
c7a55086e1
feat(lib): don't correct su command arguments (#10214) 2021-09-29 18:07:25 +02:00
Marc Cornellà
54e3e8ef54
fix(lib): fix automatic title abort inside Emacs (#10124)
Closes #10124

Co-authored-by: Paul Schorfheide <pschorf2@gmail.com>
Co-authored-by: Alastair Rankine <alastair@girtby.net>
2021-09-29 17:19:25 +02:00
Simon Rogers
16de514047
feat(lib): allow setting custom completion dots sequence (#9424)
Closes #9424
Closes #9703

Co-authored-by: mortezadadgar <mortezadadgar97@gmail.com>
Co-authored-by: Marc Cornellà <hello@mcornella.com>
2021-09-22 11:30:07 +02:00
Marc Cornellà
cbb534267a
feat(cli): add theme set subcommand to change theme in .zshrc
Fixes #9087
2021-08-18 16:58:36 +02:00
Marc Cornellà
8dedf26294
style(cli): print usage messages to stderr 2021-08-18 12:50:22 +02:00
Marc Cornellà
7a4f4ad91e
fix(lib): fix clipboard copy on Termux 2021-08-17 17:38:31 +02:00
Marc Cornellà
bc7ce982dd
style(cli): fill rows in column output in theme and plugin list commands 2021-08-17 12:53:09 +02:00
Marc Cornellà
bf888680ea
refactor(cli): extract substitution awk script in plugin disable 2021-08-17 12:44:53 +02:00
Marc Cornellà
708bbe12c5
fix(cli): fix multiple errors in plugin disable/enable 2021-08-17 12:31:37 +02:00
pollyduan
4455c13e06
feat(cli): add subcommands for plugin enable and disable (#9869)
Co-authored-by: Marc Cornellà <hello@mcornella.com>
2021-08-17 12:10:54 +02:00
James Eapen
6e4c9df4a4
feat(cli): add plugin load subcommand (#9872)
Fixes #9672

Co-authored-by: Marc Cornellà <hello@mcornella.com>
2021-08-13 12:33:30 +02:00
Marc Cornellà
7eeb1e193d
refactor(lib): refactor take functions 2021-08-10 21:09:21 +02:00
Marc Cornellà
c249288151
feat(lib): add mkcd as equivalent to takedir (#9749)
Fixes #9749
2021-08-10 21:06:46 +02:00
Marc Cornellà
e32d4b1e19
fix(lib): remove kubectx stub prompt function from lib
Fixes #9974
2021-06-17 18:54:52 +02:00
Stanisław Szydło
5152d381bb
feat(kubectx): adding a new plugin for 'kubectx' (#6114)
Co-authored-by: Marc Cornellà <marc.cornella@live.com>
Co-authored-by: Robby Russell <robby@planetargon.com>
2021-06-13 08:23:13 -07:00
Mitchel Humpherys
f68d65d32a
feat(take): add support to `take' for taking remote urls (#2029)
Download, extract, and cd into the resulting directory.

Co-authored-by: Mitchel Humpherys <mitchelh@codeaurora.org>
2021-06-11 21:09:08 -07:00
Marc Cornellà
02d07f3e3d
fix: use $USERNAME guaranteed to always be defined in zsh
Fixes #9701
2021-03-25 12:08:00 +01:00
Vlad Korolev
0ab87c26c1
fix(terraform): use faster method to get workspace (#9709)
Also add tf_prompt_info to the list of prompt functions so theme writers are aware of it
2021-03-08 10:46:42 +01:00
Cai Cooper
6fbad5bf72
fix(update): don't error on upgrade no-op (#9685)
* Don't error on upgrade no-op

No error code is required for a non failure scenario.

* Manually check whether changes were pulled in `omz update`

Co-authored-by: Marc Cornellà <hello@mcornella.com>
2021-03-01 08:17:54 +01:00
Marc Cornellà
8b37f817c2
fix(lib): use -N syntax in head and tail to support Solaris (#6391)
Closes #6391

Co-authored-by: Sergey Mashkov <cy6erGn0m@gmail.com>
2021-01-16 18:59:24 +01:00
Kyle Gerard Felker
c9bf8b4a84
fix(lib): update Emacs terminal detection in title function (#9577)
Environment variable EMACS was replaced by INSIDE_EMACS
2021-01-07 20:55:18 +01:00