1
0
Fork 0
mirror of https://github.com/ohmyzsh/ohmyzsh.git synced 2024-12-30 16:21:59 +00:00
Commit graph

4 commits

Author SHA1 Message Date
Marc Cornellà
b3ba9978cc
fix(themes): fix potential command injection in pygmalion, pygmalion-virtualenv and refined
The pygmalion and pygmalion-virtualenv themes unsafely handle git prompt information
which results in a double evaluation of this information, so a malicious git repository
could trigger a command injection if the user cloned and entered the repository.

A similar method could be used in the refined theme. All themes have been patched against this
vulnerability.
2021-11-11 22:45:40 +01:00
Florian Klink
4ed6fd2b8b
pygmalion: use pure zsh instead of perl ()
My system doesn't have `perl` in $PATH, so using this theme clutters the
shell output quite a bit.

Turns out, the same thing can be accomplished in pure zsh (with
extendedglob).

Co-Authored-By: Marc Cornellà <marc.cornella@live.com>
2020-08-29 00:27:06 +02:00
Jacob Tomaw
1ba0af650a Use safer append to hook function arrays ()
Use add-zsh-hook to add functions to hooks. That way they won't be added again
when doing `source ~/.zshrc` multiple times.

Co-authored-by: Marc Cornellà <marc.cornella@live.com>
2019-11-19 18:47:12 +01:00
shellbye
5ff21efad7 Add pygmalion-virtualenv theme () 2019-03-24 17:25:26 +01:00