holm/ohmyzsh
1
1
Fork 0
forked from extern/ohmyzsh
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ff09151d6b
ohmyzsh/lib
History
Marc Cornellà a263cdac9c
fix(lib): fix potential command injection in title and spectrum functions 
The `title` function unsafely prints its input without sanitization, which if used
with custom user code that calls it, it could trigger command injection.

The `spectrum_ls` and `spectrum_bls` could similarly be exploited if a variable is
changed in the user's shell environment with a carefully crafted value. This is
highly unlikely to occur (and if possible, other methods would be used instead),
but with this change the exploit of these two functions is now impossible.
2021-11-11 22:45:11 +01:00
..
bzr.zsh Modification to the frisk theme to work with the BZR lib 2013-11-06 20:10:59 -02:00
cli.zsh fix(cli): avoid git -C for compatibility with git < v1.8.5 (#10404) 2021-11-10 11:35:17 +01:00
clipboard.zsh fix(lib): fix clipboard copy on Termux 2021-08-17 17:38:31 +02:00
compfix.zsh compfix: fix check for empty string (#7674) 2019-03-21 20:35:00 +01:00
completion.zsh feat(lib): allow setting custom completion dots sequence (#9424) 2021-09-22 11:30:07 +02:00
correction.zsh feat(lib): don't correct su command arguments (#10214) 2021-09-29 18:07:25 +02:00
diagnostics.zsh style: use -n flag in head and tail commands (#10391) 2021-11-09 09:04:10 +01:00
directories.zsh style: use -n flag in head and tail commands (#10391) 2021-11-09 09:04:10 +01:00
functions.zsh fix(lib): fix omz_urldecode unsafe eval bug 2021-11-11 22:44:18 +01:00
git.zsh style: use -n flag in head and tail commands (#10391) 2021-11-09 09:04:10 +01:00
grep.zsh lib: use grep-alias cache only if ZSH_CACHE_DIR is writable 2020-03-02 12:35:58 +01:00
history.zsh Revert "lib: remove share_history" 2020-11-09 12:00:15 +01:00
key-bindings.zsh lib: remove CTRL-Backspace key binding altogether 2020-08-06 08:55:29 +02:00
misc.zsh lib: speed up slow parts of the lib files; other small fixes 2020-04-05 21:37:45 +02:00
nvm.zsh nvm: simplify nvm.sh and bash completion loading 2020-10-09 17:21:03 +02:00
prompt_info_functions.zsh fix(lib): remove kubectx stub prompt function from lib 2021-06-17 18:54:52 +02:00
spectrum.zsh fix(lib): fix potential command injection in title and spectrum functions 2021-11-11 22:45:11 +01:00
termsupport.zsh fix(lib): fix potential command injection in title and spectrum functions 2021-11-11 22:45:11 +01:00
theme-and-appearance.zsh fix(lib): fix diff --color argument check for BSD systems (#10269) 2021-10-10 19:15:24 +02:00