Marc Cornellà
72928432f1
fix(plugins): fix potential command injection in rand-quote
and hitokoto
...
The `rand-quote` plugin uses quotationspage.com and prints part of its content to the
shell without sanitization, which could trigger command injection. There is no evidence
that this has been exploited, but this commit removes all possibility for exploit.
Similarly, the `hitokoto` plugin uses the hitokoto.cn website to print quotes to the
shell, also without sanitization. Furthermore, there is also no evidence that this has
been exploited, but with this change it is now impossible.
2021-11-11 22:45:24 +01:00
Marc Cornellà
a263cdac9c
fix(lib): fix potential command injection in title
and spectrum
functions
...
The `title` function unsafely prints its input without sanitization, which if used
with custom user code that calls it, it could trigger command injection.
The `spectrum_ls` and `spectrum_bls` could similarly be exploited if a variable is
changed in the user's shell environment with a carefully crafted value. This is
highly unlikely to occur (and if possible, other methods would be used instead),
but with this change the exploit of these two functions is now impossible.
2021-11-11 22:45:11 +01:00
Marc Cornellà
06fc5fb129
fix(dirhistory): fix unsafe eval bug in back and forward widgets
...
The plugin unsafely processes directory paths in pop_past and pop_future.
This commit fixes that.
2021-11-11 22:44:28 +01:00
Marc Cornellà
6cb41b70a6
fix(lib): fix omz_urldecode
unsafe eval bug
...
The `omz_urldecode` function uses an eval to decode the input which can be
exploited to inject commands. This is used only in the svn plugin and it
requires a complex process to exploit, so it is highly unlikely to have been
used by an attacker.
2021-11-11 22:44:18 +01:00
Marc Cornellà
1448d234d6
fix(dirhistory): fix Up/Down key bindings for Terminal.app
...
Reference: https://github.com/ohmyzsh/ohmyzsh/commit/7f49494#commitcomment-60117011
2021-11-11 17:20:07 +01:00
Kirill Molchanov
22de1d304c
fix(command-not-found): pass arguments correctly in Termux ( #10403 )
2021-11-10 15:03:38 +01:00
Marc Cornellà
1d166eaaa1
fix(cli): avoid git -C
for compatibility with git < v1.8.5 ( #10404 )
2021-11-10 11:35:17 +01:00
Marc Cornellà
e3f7b8aa57
fix(updater): avoid git -C
for compatibility with git < v1.8.5 ( #10404 )
...
Fixes #10404
2021-11-10 11:21:59 +01:00
Marc Cornellà
db19589fcf
refactor(updater): simplify check for available updates
2021-11-09 19:56:53 +01:00
Marc Cornellà
5c2440cb0c
style(frontend-search): rename completion file to _frontend
2021-11-09 12:07:23 +01:00
Marc Cornellà
9a11b34101
fix(cli): fix check for completion files in omz plugin load
2021-11-09 12:03:59 +01:00
Marc Cornellà
3dc66bd367
fix(emotty): fix glyphs output width in emotty theme
2021-11-09 10:25:23 +01:00
Janusz Mordarski
4a74349635
feat(refined): allow selecting git branch by changing prefix to :
( #10400 )
2021-11-09 09:50:25 +01:00
Kevin Burke
e86c6f5e7f
style: use -n
flag in head
and tail
commands ( #10391 )
...
Co-authored-by: Marc Cornellà <hello@mcornella.com>
2021-11-09 09:04:10 +01:00
Shahin Sorkh
55682e3692
feat(tmux): set session name with ZSH_TMUX_DEFAULT_SESSION_NAME
( #9063 )
2021-11-08 15:32:09 +01:00
Marc Cornellà
90903779b9
refactor(percol): fix style, bind keys for vi-mode and remove dependencies
2021-11-08 14:01:34 +01:00
Jonathan Batchelor
b2f35a7b98
refactor(osx): Rename osx plugin to macos ( #10341 )
...
Apple changed the name of their operating system from OS X to macOS a number of years ago. This was overdue!
As per issue #10311
* refactor(osx): rename `osx` plugin to `macos`
* refactor(macos): Add symbolic link from old `osx` plugin name.
2021-11-05 16:40:38 -07:00
Marc Cornellà
7a2cb10625
fix(updater): stop update if connection unavailable
2021-11-05 19:47:29 +01:00
Marc Cornellà
0520c2e309
docs: add Security Policy
2021-11-03 18:21:04 +01:00
amnore
9a02515c7c
fix(command-not-found): pass arguments correctly in NixOS ( #10381 )
2021-11-03 13:17:23 +01:00
Aaron Hutchinson
5e8905b4b2
feat(ys): increase color contrast with light color schemes ( #10295 )
2021-11-02 19:40:40 +01:00
Michael Peick
79cf4b3ceb
feat(dirhistory): support urxvt terminal key binding ( #8370 )
...
Closes #8370
2021-11-02 15:12:43 +01:00
Marc Cornellà
7f494944e6
fix(dirhistory): fix ALT+Up/Down key bindings for Terminal.app
2021-11-02 15:12:43 +01:00
Marc Cornellà
49458b872d
docs(dirhistory): document OPT key alternative for macOS and fix style
...
Fixes #10350
2021-11-02 15:12:43 +01:00
Richard Mitchell
bf88ff3f90
fix(lib): fix 1
alias to cd
to directory 1 in stack ( #10370 )
2021-11-02 12:05:37 +01:00
Afzal Sayed
04c96e235f
chore: fix grammar mistake in CONTRIBUTING.md
( #10362 )
2021-10-30 13:20:30 +02:00
YR Chen
1861b5f175
feat(xcode): support Package.swift
as project file in xc
( #10358 )
2021-10-29 17:40:23 +02:00
Christophe Bliard
2e46b2a2dc
feat(fzf): support getting fzf from nix-darwin ( #10355 )
2021-10-27 11:40:09 +02:00
Marc Cornellà
1dba112041
fix(changelog): fix for ${(@ps:$sep:)var}
construct in zsh < 5.0.8
...
In recent zsh versions, `${(@ps:$sep:)var}` where $sep is a variable containing
a separator string and $var is a string with multiple values separated by $sep,
the `p` flag makes zsh correctly expand $sep before splitting $var. In versions
older than 5.0.8, this doesn't happen, so we use `eval` to get the same effect.
2021-10-27 10:12:23 +02:00
Marc Cornellà
4b3a5c5411
fix(changelog): fix percent escapes in printf
calls
2021-10-26 21:04:02 +02:00
Marc Cornellà
0267cb89eb
perf(changelog): use regex-match instead of sed
to parse commit subjects
2021-10-26 21:04:01 +02:00
Marc Cornellà
140bfa8432
fix(changelog): go back to ignoring commits from merged branches
2021-10-26 21:04:01 +02:00
Marc Cornellà
9c8131e417
perf(changelog): use a single git log
command to get all commit messages
2021-10-26 21:04:00 +02:00
José Camelo Freitas
4f67b02a9f
feat(mix): update mix
commands and descriptions ( #10273 )
2021-10-26 16:07:46 +02:00
Marc Cornellà
c2b9ae2937
fix(changelog): don't show more than 40 commits ( #10345 )
...
Fixes #10345
2021-10-26 13:23:07 +02:00
Sina Tak Tehrani
1e5e834e0f
fix(cli): exit omz update
with correct error code ( #10342 )
2021-10-25 20:28:22 +02:00
Marc Cornellà
f1dd97bb2a
fix(ssh-agent): fix check for running ssh-agent
process with hidepid /proc ( #8492 )
...
Fixes #8492
2021-10-23 05:16:15 +02:00
Rob Vadai
46f8765f4c
feat(osx): add freespace
command to clean purgeable disk space ( #8762 )
...
Co-authored-by: Marc Cornellà <hello@mcornella.com>
2021-10-20 22:58:28 +02:00
Marc Cornellà
8c1495a18e
fix(ruby)!: rename aliases that start with g
to ge
...
BREAKING CHANGE: all `gem` aliases that started with `g` now start
with `ge` to fix conflicting names with the `git` plugin. Also, the
`ghlp` alias is now renamed `geh`. Have a look at the plugin README
for more information.
Fixes #10320
2021-10-20 17:11:42 +02:00
Marc Cornellà
4b1f6d638f
feat(ruby): add multiple gem
aliases ( #9005 )
...
Mostly empty commit to fix the changelog for merge at 6f4c7f64
2021-10-19 20:07:40 +02:00
Robby Russell
6f4c7f6440
Merge branch 'royninja-patch-1'
2021-10-19 10:55:16 -07:00
Robby Russell
f83bb65d47
Swapping gh with ghlp as 'gh' is reserved for the Github CLI. #9005
2021-10-19 10:54:50 -07:00
Robby Russell
a6b5aede81
Merge branch 'patch-1' of https://github.com/royninja/ohmyzsh into royninja-patch-1
2021-10-19 10:54:30 -07:00
Eric
75fe22b405
docs(README): document new zstyle
update settings ( #10304 )
...
Co-authored-by: Marc Cornellà <hello@mcornella.com>
2021-10-18 19:58:25 +02:00
Marc Cornellà
19f9b6f1ad
feat(updater): add support for terminal hyperlinks
2021-10-13 11:58:56 +02:00
Igor Gavelyuk
dbf555438e
feat(obraun): display time with leading zeros ( #10289 )
2021-10-13 10:00:46 +02:00
Marc Cornellà
beeda72826
fix(ssh-agent): fix for bad zstyle
command argument
...
Fixes #10282
2021-10-11 15:22:03 +02:00
Marc Cornellà
a0ac789f2a
feat(ssh-agent): allow lazy-loading SSH identities ( #6309 )
...
Fixes #7477
2021-10-11 12:15:47 +02:00
Arthur Maltson
9bd0ac9b00
feat(mvn): support using mvnw
in multi-module projects ( #9413 )
2021-10-11 11:40:17 +02:00
michael-yuji
f82aa81931
fix(lib): fix diff --color
argument check for BSD systems ( #10269 )
2021-10-10 19:15:24 +02:00