ohmyzsh

Commit Graph

Author	SHA1	Message	Date
Marc Cornellà	72928432f1	fix(plugins): fix potential command injection in `rand-quote` and `hitokoto` The `rand-quote` plugin uses quotationspage.com and prints part of its content to the shell without sanitization, which could trigger command injection. There is no evidence that this has been exploited, but this commit removes all possibility for exploit. Similarly, the `hitokoto` plugin uses the hitokoto.cn website to print quotes to the shell, also without sanitization. Furthermore, there is also no evidence that this has been exploited, but with this change it is now impossible.	2021-11-11 22:45:24 +01:00
sinrimin	d9e64344aa	-mAdd hitokoto plugin (#8422 )	2019-12-28 21:04:24 -08:00

Author

SHA1

Message

Date

Marc Cornellà

72928432f1

fix(plugins): fix potential command injection in `rand-quote` and `hitokoto`

The `rand-quote` plugin uses quotationspage.com and prints part of its content to the
shell without sanitization, which could trigger command injection. There is no evidence
that this has been exploited, but this commit removes all possibility for exploit.

Similarly, the `hitokoto` plugin uses the hitokoto.cn website to print quotes to the
shell, also without sanitization. Furthermore, there is also no evidence that this has
been exploited, but with this change it is now impossible.

2021-11-11 22:45:24 +01:00

sinrimin

d9e64344aa

-mAdd hitokoto plugin (#8422 )

2019-12-28 21:04:24 -08:00

2 Commits