mirror of
https://github.com/ohmyzsh/ohmyzsh.git
synced 2024-12-27 06:41:58 +00:00
b3ba9978cc
The pygmalion and pygmalion-virtualenv themes unsafely handle git prompt information which results in a double evaluation of this information, so a malicious git repository could trigger a command injection if the user cloned and entered the repository. A similar method could be used in the refined theme. All themes have been patched against this vulnerability.
# Yay! High voltage and arrows!
# Print the virtualenv prompt segment, taking pyenv into account when its
# prompt helper is available.
#
# Arguments: $1 - optional; "inline" switches the virtualenv prefix/suffix to
#                 the "::" form before printing.
# Outputs:   whatever virtualenv_prompt_info writes to stdout, or nothing.
# Returns:   0 when the virtualenv helper is missing, otherwise the status of
#            the last command run.
function _virtualenv_prompt_info {
  # Nothing to print when the virtualenv helper is not defined.
  [[ -n "$(whence virtualenv_prompt_info)" ]] || return 0

  # No pyenv helper: print the virtualenv segment unconditionally.
  if [[ -z "$(whence pyenv_prompt_info)" ]]; then
    virtualenv_prompt_info
    return
  fi

  if [[ "$1" == "inline" ]]; then
    ZSH_THEME_VIRTUAL_ENV_PROMPT_PREFIX=%{$fg[blue]%}"::%{$fg[red]%}"
    ZSH_THEME_VIRTUAL_ENV_PROMPT_SUFFIX=""
    virtualenv_prompt_info
  fi

  # Print the segment only while pyenv reports its default version.
  # NOTE(review): in inline mode this can print the segment a second time,
  # after the call above; confirm that is intended.
  [ "$(pyenv_prompt_info)" = "${PYENV_PROMPT_DEFAULT_VERSION}" ] && virtualenv_prompt_info
}
# Define the static pieces of the pygmalion prompt and register the precmd
# hook that assembles PROMPT before each prompt is drawn.
#
# Globals written: base_prompt, post_prompt, base_prompt_nocolor,
#                  post_prompt_nocolor, ZSH_THEME_GIT_PROMPT_{PREFIX,SUFFIX,DIRTY,CLEAN}
# Returns:         status of add-zsh-hook.
prompt_setup_pygmalion(){
  # extendedglob is needed for the `##` (one or more) operator used below;
  # localoptions restores the caller's options on return.
  setopt localoptions extendedglob

  # Single quotes keep $(_virtualenv_prompt_info) and the colour references as
  # literal text here; nothing is expanded at setup time.
  base_prompt='$(_virtualenv_prompt_info)%{$fg[magenta]%}%n%{$reset_color%}%{$fg[cyan]%}@%{$reset_color%}%{$fg[yellow]%}%m%{$reset_color%}%{$fg[red]%}:%{$reset_color%}%{$fg[cyan]%}%0~%{$reset_color%}%{$fg[red]%}|%{$reset_color%}'
  # Same text with every %{...%} run removed, used only for length measurement.
  base_prompt_nocolor=${base_prompt//\%\{[^\}]##\}}

  post_prompt='%{$fg[cyan]%}⇒%{$reset_color%} '
  post_prompt_nocolor=${post_prompt//\%\{[^\}]##\}}

  # Decorations for the git segment; double quotes expand the colour
  # variables now, at setup time.
  ZSH_THEME_GIT_PROMPT_PREFIX="%{$reset_color%}%{$fg[green]%}"
  ZSH_THEME_GIT_PROMPT_SUFFIX="%{$reset_color%} "
  ZSH_THEME_GIT_PROMPT_DIRTY="%{$fg[yellow]%}⚡%{$reset_color%}"
  ZSH_THEME_GIT_PROMPT_CLEAN=""

  # Kept last so the function's exit status is still that of add-zsh-hook.
  autoload -U add-zsh-hook
  add-zsh-hook precmd prompt_pygmalion_precmd
}
# precmd hook: measure the prompt without colour codes and rebuild PROMPT,
# inserting a line break when the measured text is longer than 40 characters.
#
# Globals read:    base_prompt, post_prompt, base_prompt_nocolor, post_prompt_nocolor
# Globals written: PROMPT
#
# Security: git_prompt_info output is derived from the repository the user is
# in, so it is treated as untrusted text. It is never spliced into PROMPT;
# see the comments on the two places that touch it.
prompt_pygmalion_precmd(){
  # nopromptsubst (local to this function) makes `print -P` below handle only
  # %-escapes, so `$(...)` or `${...}` inside repository-derived text is not
  # executed while measuring.
  setopt localoptions nopromptsubst extendedglob

  local git_segment=$(git_prompt_info)
  local git_segment_plain=${git_segment//\%\{[^\}]##\}}
  # NOTE(review): the escaped quotes appear to reach print as literal
  # characters, and with nopromptsubst the $(_virtualenv_prompt_info) text is
  # measured unexpanded, so the 40-character threshold looks approximate; confirm.
  local rendered_plain="$(print -P \"${base_prompt_nocolor}${git_segment_plain}${post_prompt_nocolor}\")"

  # Break the line when the measured prompt exceeds 40 characters.
  local line_break=""
  if (( ${#rendered_plain} > 40 )); then
    line_break=$'\n%{\r%}'
  fi

  # The backslash stores `$(git_prompt_info)` as literal text, so the call is
  # expanded once when the prompt is drawn and its output is not fed through
  # substitution a second time. Do not replace it with the captured value above.
  # Presumably prompt substitution is enabled outside this file; verify.
  PROMPT="${base_prompt}\$(git_prompt_info)${line_break}${post_prompt}"
}
# Top-level call: runs the prompt setup (and registers the precmd hook) when
# this file is loaded.
prompt_setup_pygmalion