Commit graph

6288 commits

Author SHA1 Message Date
Marc Cornellà aef393bdce
ci: add check-spelling GitHub Action 2021-12-01 12:20:46 +01:00
Josh Soref 0e41181d54
chore: fix spelling errors across the project (#10459)
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-12-01 12:20:31 +01:00
Marc Cornellà 1c1d74c5ec
chore: update new issue templates 2021-11-30 10:34:45 +01:00
Marc Cornellà f0f792fa6b
feat(cli): add omz version command 2021-11-30 10:13:23 +01:00
Nicholas Hawkes bf303965e6
feat(aws): Adds the login option for AWS SSO (#9921) 2021-11-27 12:34:47 -08:00
Markus Hofbauer 58478d0888
feat(git): Add alias for rebasing to origin/main-branch (#10445) 2021-11-27 11:30:03 -08:00
Adam Cwyk 8e5f3db305
feat(dotnet): add alias for dotnet build command (#10435)
Co-authored-by: Adam Cwyk <git@adamcwyk.dev>
2021-11-26 17:23:08 -08:00
Kyle 452ddff763
feat(xcode): support .swiftpm as project file in xc (#10434) 2021-11-25 23:57:08 +01:00
Paul Scott 0314604384
fix(lib): don't error if INSIDE_EMACS is not defined (#10443) 2021-11-25 23:55:21 +01:00
Marc Cornellà 2b96b7c54b
fix(updater): stop update if $ZSH is not a git repository (#10448)
Fixes #10448
2021-11-25 23:36:38 +01:00
Marc Cornellà 15fd9c84de style(bundler): simplify bundled_commands array operations 2021-11-17 13:09:25 +01:00
Marc Cornellà 98b4801548 fix(bundler): use BUNDLE_JOBS in bi to avoid config file change
When calling `bundle install` with `--jobs=<n>`, bundle persists this
argument in `.bundle/config`. If we run `BUNDLE_JOBS=<n> bundle install`
instead, this is not persisted.

Fixes #10425
2021-11-17 13:09:25 +01:00
Aurora ff09151d6b
fix(bgnotify): avoid permission prompts by checking frontmost app ID (#10318)
Co-authored-by: Marc Cornellà <hello@mcornella.com>
2021-11-17 11:44:04 +01:00
Marc Cornellà 88e72e8a54 fix(docker-compose)!: check for old command instead of calling docker (#10409)
BREAKING CHANGE: the plugin now checks for the `docker-compose` command instead
of trying whether `docker compose` is a valid command. This means that if the
old command is still installed it will be used instead. To use `docker compose`,
uninstall any old copies of `docker-compose`.

Fixes #10409
2021-11-17 11:05:25 +01:00
Marc Cornellà b60b3f1842
fix(osx): deprecate osx plugin without symlink (#10428)
Fixes #10428
2021-11-17 10:53:17 +01:00
Brian Tannous 2b379ec42c
feat(kn): add plugin for kn completion (#8927) 2021-11-17 10:33:48 +01:00
Marc Cornellà 60b89cd264
feat(ssh-agent): add quiet option to silence plugin (#9659)
Closes #9659

Co-authored-by: Jeff Warner <jeff@develops.software>
2021-11-17 09:55:39 +01:00
Marc Cornellà fb12e41353
fix(install): fix backslash in printf when showing logo (#10422)
Fixes #10422
2021-11-16 19:24:32 +01:00
Marc Cornellà 2c06852546
style(dirhistory): remove use of eval completely 2021-11-16 17:18:07 +01:00
Marc Cornellà b3ba9978cc
fix(themes): fix potential command injection in pygmalion, pygmalion-virtualenv and refined
The pygmalion and pygmalion-virtualenv themes unsafely handle git prompt information
which results in a double evaluation of this information, so a malicious git repository
could trigger a command injection if the user cloned and entered the repository.

A similar method could be used in the refined theme. All themes have been patched against this
vulnerability.
2021-11-11 22:45:40 +01:00
Marc Cornellà 72928432f1
fix(plugins): fix potential command injection in rand-quote and hitokoto
The `rand-quote` plugin uses quotationspage.com and prints part of its content to the
shell without sanitization, which could trigger command injection. There is no evidence
that this has been exploited, but this commit removes all possibility for exploit.

Similarly, the `hitokoto` plugin uses the hitokoto.cn website to print quotes to the
shell, also without sanitization. Furthermore, there is also no evidence that this has
been exploited, but with this change it is now impossible.
2021-11-11 22:45:24 +01:00
Marc Cornellà a263cdac9c
fix(lib): fix potential command injection in title and spectrum functions
The `title` function unsafely prints its input without sanitization, which if used
with custom user code that calls it, it could trigger command injection.

The `spectrum_ls` and `spectrum_bls` could similarly be exploited if a variable is
changed in the user's shell environment with a carefully crafted value. This is
highly unlikely to occur (and if possible, other methods would be used instead),
but with this change the exploit of these two functions is now impossible.
2021-11-11 22:45:11 +01:00
Marc Cornellà 06fc5fb129
fix(dirhistory): fix unsafe eval bug in back and forward widgets
The plugin unsafely processes directory paths in pop_past and pop_future.
This commit fixes that.
2021-11-11 22:44:28 +01:00
Marc Cornellà 6cb41b70a6
fix(lib): fix omz_urldecode unsafe eval bug
The `omz_urldecode` function uses an eval to decode the input which can be
exploited to inject commands. This is used only in the svn plugin and it
requires a complex process to exploit, so it is highly unlikely to have been
used by an attacker.
2021-11-11 22:44:18 +01:00
Marc Cornellà 1448d234d6
fix(dirhistory): fix Up/Down key bindings for Terminal.app
Reference: https://github.com/ohmyzsh/ohmyzsh/commit/7f49494#commitcomment-60117011
2021-11-11 17:20:07 +01:00
Kirill Molchanov 22de1d304c
fix(command-not-found): pass arguments correctly in Termux (#10403) 2021-11-10 15:03:38 +01:00
Marc Cornellà 1d166eaaa1
fix(cli): avoid git -C for compatibility with git < v1.8.5 (#10404) 2021-11-10 11:35:17 +01:00
Marc Cornellà e3f7b8aa57
fix(updater): avoid git -C for compatibility with git < v1.8.5 (#10404)
Fixes #10404
2021-11-10 11:21:59 +01:00
Marc Cornellà db19589fcf
refactor(updater): simplify check for available updates 2021-11-09 19:56:53 +01:00
Marc Cornellà 5c2440cb0c
style(frontend-search): rename completion file to _frontend 2021-11-09 12:07:23 +01:00
Marc Cornellà 9a11b34101
fix(cli): fix check for completion files in omz plugin load 2021-11-09 12:03:59 +01:00
Marc Cornellà 3dc66bd367
fix(emotty): fix glyphs output width in emotty theme 2021-11-09 10:25:23 +01:00
Janusz Mordarski 4a74349635
feat(refined): allow selecting git branch by changing prefix to : (#10400) 2021-11-09 09:50:25 +01:00
Kevin Burke e86c6f5e7f
style: use -n flag in head and tail commands (#10391)
Co-authored-by: Marc Cornellà <hello@mcornella.com>
2021-11-09 09:04:10 +01:00
Shahin Sorkh 55682e3692
feat(tmux): set session name with ZSH_TMUX_DEFAULT_SESSION_NAME (#9063) 2021-11-08 15:32:09 +01:00
Marc Cornellà 90903779b9
refactor(percol): fix style, bind keys for vi-mode and remove dependencies 2021-11-08 14:01:34 +01:00
Jonathan Batchelor b2f35a7b98
refactor(osx): Rename osx plugin to macos (#10341)
Apple changed the name of their operating system from OS X to macOS a number of years ago. This was overdue!

As per issue  #10311

* refactor(osx): rename `osx` plugin to `macos`
* refactor(macos): Add symbolic link from old `osx` plugin name.
2021-11-05 16:40:38 -07:00
Marc Cornellà 7a2cb10625
fix(updater): stop update if connection unavailable 2021-11-05 19:47:29 +01:00
Marc Cornellà 0520c2e309
docs: add Security Policy 2021-11-03 18:21:04 +01:00
amnore 9a02515c7c
fix(command-not-found): pass arguments correctly in NixOS (#10381) 2021-11-03 13:17:23 +01:00
Aaron Hutchinson 5e8905b4b2
feat(ys): increase color contrast with light color schemes (#10295) 2021-11-02 19:40:40 +01:00
Michael Peick 79cf4b3ceb
feat(dirhistory): support urxvt terminal key binding (#8370)
Closes #8370
2021-11-02 15:12:43 +01:00
Marc Cornellà 7f494944e6
fix(dirhistory): fix ALT+Up/Down key bindings for Terminal.app 2021-11-02 15:12:43 +01:00
Marc Cornellà 49458b872d
docs(dirhistory): document OPT key alternative for macOS and fix style
Fixes #10350
2021-11-02 15:12:43 +01:00
Richard Mitchell bf88ff3f90
fix(lib): fix 1 alias to cd to directory 1 in stack (#10370) 2021-11-02 12:05:37 +01:00
Afzal Sayed 04c96e235f
chore: fix grammar mistake in CONTRIBUTING.md (#10362) 2021-10-30 13:20:30 +02:00
YR Chen 1861b5f175
feat(xcode): support Package.swift as project file in xc (#10358) 2021-10-29 17:40:23 +02:00
Christophe Bliard 2e46b2a2dc
feat(fzf): support getting fzf from nix-darwin (#10355) 2021-10-27 11:40:09 +02:00
Marc Cornellà 1dba112041
fix(changelog): fix for ${(@ps:$sep:)var} construct in zsh < 5.0.8
In recent zsh versions, `${(@ps:$sep:)var}` where $sep is a variable containing
a separator string and $var is a string with multiple values separated by $sep,
the `p` flag makes zsh correctly expand $sep before splitting $var. In versions
older than 5.0.8, this doesn't happen, so we use `eval` to get the same effect.
2021-10-27 10:12:23 +02:00
Marc Cornellà 4b3a5c5411
fix(changelog): fix percent escapes in printf calls 2021-10-26 21:04:02 +02:00