Commit graph

663 commits

Author SHA1 Message Date
Marc Cornellà 07b829c894
fix(vcs_info): quote % in relevant fields on all current Zsh releases 2022-02-21 18:34:28 +01:00
Marc Cornellà ef3f7c43a9
fix: apply workaround patch for vcs_info (CVE-2021-45444)
This lib function applies a patch to the VCS_INFO_formats function
in zsh versions from v5.0.3 until v5.8, which don't quote % chars
in some arguments received. Normally that just means that some
% characters in these strings (branch names, directories, etc.)
will be incorrectly parsed as formatting sequences.

With CVE-2021-45444, however, this means that one of these strings
from a malicious source (e.g. a malicious git repository) can
trigger command injection and run arbitrary code in the user's
machine when visiting such git repository.

Zsh 5.8.1 fixes this vulnerability [1], but older vcs_info setups
still need a workaround such as this one to patch the vulnerability.

[1] c3ea1e5d52
2022-02-13 19:07:12 +01:00
Carlo Sala 0da33ca22b
fix(cli): disable GPG signing in omz pr test to avoid key prompt (#10677) 2022-02-10 11:50:04 +01:00
Marc Cornellà e1a9d0ce3e
fix(cli): allow omz commands to be used in a script (#10645)
The commands `omz plugin {enable,disable}` and `omz theme set`
automatically reload the zsh session on success. With this
change, the CLI checks whether the commands are run in an
interactive session before reloading the zsh session.

This change also conditionally sets the completion function
for `omz` so that it's not done in a non-interactive session.
2022-02-02 23:02:23 +01:00
Marc Cornellà f64cabc780
fix(cli): make sure to run zsh command if an alias exists (#9737)
Fixes #9737
2022-01-24 17:38:32 +01:00
Marc Cornellà 84931adcd4
fix: do not call chpwd hooks in subshells 2022-01-22 22:07:09 +01:00
Marc Cornellà 567bd59395
refactor(cli): use self-referencing in subcommand functions 2022-01-17 13:18:10 +01:00
Marc Cornellà 035c856c2c
fix: get branch name first in omz version and changelog 2022-01-13 17:46:09 +01:00
Marc Cornellà a92ee838f3
fix(cli): follow symlinks in plugin or theme completions 2022-01-09 20:27:22 +01:00
Marc Cornellà 5b076eab9b
fix(lib): quote % in nvm_prompt_info 2022-01-03 13:50:50 +01:00
Marc Cornellà 304af0a577
fix(lib): quote % in git_remote_status 2022-01-03 13:50:50 +01:00
Marc Cornellà 8ae373130c
fix(cli): respect ZDOTDIR in plugin/theme change commands (#10520)
Fixes #10520
2021-12-21 17:01:56 +01:00
Marc Cornellà 4b4cc9a4a5
fix(cli): fix plugin and theme suggestions in completion for older zsh versions 2021-12-16 10:50:34 +01:00
Marc Cornellà 9a3d853481
fix: quote % characters in ruby prompt info functions 2021-12-13 17:43:32 +01:00
Marc Cornellà 428f815169
fix(lib): %-quote git prompt functions 2021-12-13 11:26:55 +01:00
Marc Cornellà f0f792fa6b
feat(cli): add omz version command 2021-11-30 10:13:23 +01:00
Paul Scott 0314604384
fix(lib): don't error if INSIDE_EMACS is not defined (#10443) 2021-11-25 23:55:21 +01:00
Marc Cornellà a263cdac9c
fix(lib): fix potential command injection in title and spectrum functions
The `title` function unsafely prints its input without sanitization, which, if used
with custom user code that calls it, could trigger command injection.

The `spectrum_ls` and `spectrum_bls` could similarly be exploited if a variable is
changed in the user's shell environment with a carefully crafted value. This is
highly unlikely to occur (and if possible, other methods would be used instead),
but with this change the exploit of these two functions is now impossible.
2021-11-11 22:45:11 +01:00
Marc Cornellà 6cb41b70a6
fix(lib): fix omz_urldecode unsafe eval bug
The `omz_urldecode` function uses an eval to decode the input which can be
exploited to inject commands. This is used only in the svn plugin and it
requires a complex process to exploit, so it is highly unlikely to have been
used by an attacker.
2021-11-11 22:44:18 +01:00
Marc Cornellà 1d166eaaa1
fix(cli): avoid git -C for compatibility with git < v1.8.5 (#10404) 2021-11-10 11:35:17 +01:00
Marc Cornellà 9a11b34101
fix(cli): fix check for completion files in omz plugin load 2021-11-09 12:03:59 +01:00
Kevin Burke e86c6f5e7f
style: use -n flag in head and tail commands (#10391)
Co-authored-by: Marc Cornellà <hello@mcornella.com>
2021-11-09 09:04:10 +01:00
Richard Mitchell bf88ff3f90
fix(lib): fix 1 alias to cd to directory 1 in stack (#10370) 2021-11-02 12:05:37 +01:00
Sina Tak Tehrani 1e5e834e0f
fix(cli): exit omz update with correct error code (#10342) 2021-10-25 20:28:22 +02:00
michael-yuji f82aa81931
fix(lib): fix diff --color argument check for BSD systems (#10269) 2021-10-10 19:15:24 +02:00
Pooya Vahidi 07cdd7a539
fix(lib): fix status exit code check in git_prompt_status (#10275) 2021-10-09 12:02:49 +02:00
Marc Cornellà b621eee21f
fix(cli): fix zsh array syntax for zsh 5.0.2 2021-10-05 11:58:39 +02:00
Monson Shao be4a952972
feat(cli)!: add omz reload command and deprecate zsh_reload plugin (#9078)
BREAKING CHANGE: the `zsh_reload` plugin is deprecated. Instead of using its `src`
function, use `omz reload` or `exec zsh` to reload zsh after making changes to
your `.zshrc` file.

Closes #9078
2021-10-04 16:24:05 +02:00
Marc Cornellà 3c209b00d6
feat(cli): show current theme in omz theme list
Fixes #9540
2021-09-30 15:45:12 +02:00
Marc Cornellà 5f99eb5afd
fix(cli): get branch and tags from OMZ folder in omz changelog completion 2021-09-30 10:18:53 +02:00
Celestino Gomes c7a55086e1
feat(lib): don't correct su command arguments (#10214) 2021-09-29 18:07:25 +02:00
Marc Cornellà 54e3e8ef54
fix(lib): fix automatic title abort inside Emacs (#10124)
Closes #10124

Co-authored-by: Paul Schorfheide <pschorf2@gmail.com>
Co-authored-by: Alastair Rankine <alastair@girtby.net>
2021-09-29 17:19:25 +02:00
Simon Rogers 16de514047
feat(lib): allow setting custom completion dots sequence (#9424)
Closes #9424
Closes #9703

Co-authored-by: mortezadadgar <mortezadadgar97@gmail.com>
Co-authored-by: Marc Cornellà <hello@mcornella.com>
2021-09-22 11:30:07 +02:00
Marc Cornellà cbb534267a
feat(cli): add theme set subcommand to change theme in .zshrc
Fixes #9087
2021-08-18 16:58:36 +02:00
Marc Cornellà 8dedf26294
style(cli): print usage messages to stderr 2021-08-18 12:50:22 +02:00
Marc Cornellà 7a4f4ad91e
fix(lib): fix clipboard copy on Termux 2021-08-17 17:38:31 +02:00
Marc Cornellà bc7ce982dd
style(cli): fill rows in column output in theme and plugin list commands 2021-08-17 12:53:09 +02:00
Marc Cornellà bf888680ea
refactor(cli): extract substitution awk script in plugin disable 2021-08-17 12:44:53 +02:00
Marc Cornellà 708bbe12c5
fix(cli): fix multiple errors in plugin disable/enable 2021-08-17 12:31:37 +02:00
pollyduan 4455c13e06
feat(cli): add subcommands for plugin enable and disable (#9869)
Co-authored-by: Marc Cornellà <hello@mcornella.com>
2021-08-17 12:10:54 +02:00
James Eapen 6e4c9df4a4
feat(cli): add plugin load subcommand (#9872)
Fixes #9672

Co-authored-by: Marc Cornellà <hello@mcornella.com>
2021-08-13 12:33:30 +02:00
Marc Cornellà 7eeb1e193d
refactor(lib): refactor take functions 2021-08-10 21:09:21 +02:00
Marc Cornellà c249288151
feat(lib): add mkcd as equivalent to takedir (#9749)
Fixes #9749
2021-08-10 21:06:46 +02:00
Marc Cornellà e32d4b1e19
fix(lib): remove kubectx stub prompt function from lib
Fixes #9974
2021-06-17 18:54:52 +02:00
Stanisław Szydło 5152d381bb
feat(kubectx): adding a new plugin for 'kubectx' (#6114)
Co-authored-by: Marc Cornellà <marc.cornella@live.com>
Co-authored-by: Robby Russell <robby@planetargon.com>
2021-06-13 08:23:13 -07:00
Mitchel Humpherys f68d65d32a
feat(take): add support to `take' for taking remote urls (#2029)
Download, extract, and cd into the resulting directory.

Co-authored-by: Mitchel Humpherys <mitchelh@codeaurora.org>
2021-06-11 21:09:08 -07:00
Marc Cornellà 02d07f3e3d
fix: use $USERNAME guaranteed to always be defined in zsh
Fixes #9701
2021-03-25 12:08:00 +01:00
Vlad Korolev 0ab87c26c1
fix(terraform): use faster method to get workspace (#9709)
Also add tf_prompt_info to the list of prompt functions so theme writers are aware of it
2021-03-08 10:46:42 +01:00
Cai Cooper 6fbad5bf72
fix(update): don't error on upgrade no-op (#9685)
* Don't error on upgrade no-op

No error code is required for a non failure scenario.

* Manually check whether changes were pulled in `omz update`

Co-authored-by: Marc Cornellà <hello@mcornella.com>
2021-03-01 08:17:54 +01:00
Marc Cornellà 8b37f817c2
fix(lib): use -N syntax in head and tail to support Solaris (#6391)
Closes #6391

Co-authored-by: Sergey Mashkov <cy6erGn0m@gmail.com>
2021-01-16 18:59:24 +01:00