mirror of https://github.com/ohmyzsh/ohmyzsh.git synced 2024-11-08 00:44:26 +01:00

History

Marc Cornellà 72928432f1 fix(plugins): fix potential command injection in `rand-quote` and `hitokoto` The `rand-quote` plugin uses quotationspage.com and prints part of its content to the shell without sanitization, which could trigger command injection. There is no evidence that this has been exploited, but this commit removes all possibility for exploit. Similarly, the `hitokoto` plugin uses the hitokoto.cn website to print quotes to the shell, also without sanitization. Furthermore, there is also no evidence that this has been exploited, but with this change it is now impossible.	2021-11-11 22:45:24 +01:00
..
hitokoto.plugin.zsh	fix(plugins): fix potential command injection in `rand-quote` and `hitokoto`	2021-11-11 22:45:24 +01:00
README.md	-mAdd hitokoto plugin (#8422 )	2019-12-28 21:04:24 -08:00

fix(plugins): fix potential command injection in rand-quote and hitokoto

The `rand-quote` plugin uses quotationspage.com and prints part of its content to the
shell without sanitization, which could trigger command injection. There is no evidence
that this has been exploited, but this commit removes all possibility for exploit.

Similarly, the `hitokoto` plugin uses the hitokoto.cn website to print quotes to the
shell, also without sanitization. Furthermore, there is also no evidence that this has
been exploited, but with this change it is now impossible.

2021-11-11 22:45:24 +01:00

hitokoto.plugin.zsh fix(plugins): fix potential command injection in rand-quote and hitokoto 2021-11-11 22:45:24 +01:00

README.md -mAdd hitokoto plugin (#8422 ) 2019-12-28 21:04:24 -08:00

README.md

hitokoto plugin

Displays a random quote taken from hitokoto.cn

Created by Sinrimin

Usage

Add the plugin to the plugins array in your zshrc file and restart zsh:

plugins=(... hitokoto)

Then, run hitokoto to get a new random quote.