The `title` function unsafely prints its input without sanitization, which if used
with custom user code that calls it, it could trigger command injection.
The `spectrum_ls` and `spectrum_bls` could similarly be exploited if a variable is
changed in the user's shell environment with a carefully crafted value. This is
highly unlikely to occur (and if possible, other methods would be used instead),
but with this change the exploit of these two functions is now impossible.
The `omz_urldecode` function uses an eval to decode the input which can be
exploited to inject commands. This is used only in the svn plugin and it
requires a complex process to exploit, so it is highly unlikely to have been
used by an attacker.
BREAKING CHANGE: the `zsh_reload` plugin is deprecated. Instead of using its `src`
function, use `omz reload` or `exec zsh` to reload zsh after making changes to
your `.zshrc` file.
Closes#9078
* Don't error on upgrade no-op
No error code is required for a non failure scenario.
* Manually check whether changes were pulled in `omz update`
Co-authored-by: Marc Cornellà <hello@mcornella.com>
Show the remote branch the local branch is tracking if `ZSH_THEME_GIT_SHOW_UPSTREAM`
is set, like so: `ZSH_THEME_GIT_SHOW_UPSTREAM=1`.
Co-authored-by: Marc Cornellà <marc.cornella@live.com>
Fixes error message when using zplug, due to $opts having been declared
as an associative array:
omz_urlencode:2: bad set of key/value pairs for associative array
Fixes#9429
This makes it work regardless of where nvm is loaded from. And it uses nvm's
version strings, which distinguish the "system" and "none" NVM environments,
instead of reporting the specific version of the system node.js or erroring,
respectively.
Fixes#4336Closes#4338
- Add plugin and theme subcommand
Fixes#8961
- Add confirmation prompt to `omz pr clean` command
- Correct behavior on invalid answers on confirmation prompts
If an invalid option is supplied, don't proceed with the potentially
destructive action.
Co-authored-by: Rishabh Bohra <rishabhbohra01@gmail.com>
In Ubuntu and Debian, in scp, and in rsync the prompt is by default specified as in
user@hostname:/path/to/directory
while the previous title in ohmyzsh was
user@hostname: /path/to/directory
DISABLE_UNTRACKED_FILES_DIRTY, DISABLE_AUTO_TITLE, GIT_STATUS_IGNORE_SUBMODULES are not set
Handle these variables not being set with conditional access.
If the user has set -u option to report attempts to use undeclared / unassigned variable, accessing the variables needs to be conditional.
oh-my-zsh Changes the HISTSIZE and SAVEHIST values to fixed sizes,
however if a bigger value is set in ~/.zshrc, it will override it,
potentially causing the user history to be deleted.
So, only set these values if no other is set and if it is lower than the
default ones.
* Automatic title: Replace fg with description from jobs
* Avoid error messages when there is no job
* Use $jobstates and $jobtexts to look for jobs
`jobs %string` doesn't work correctly when run inside `$()`. `$jobstates` and
`$jobtexts` is available in the current shell process, so even though we need
to replicate a bit more logic, every type of `fg` invocation works correctly.
* lib: clean up termsupport.zsh
Co-authored-by: Marc Cornellà <marc.cornella@live.com>
`jobs %string` doesn't work correctly when run inside `$()`. `$jobstates` and
`$jobtexts` is available in the current shell process, so even though we need
to replicate a bit more logic, every type of `fg` invocation works correctly.
- Move grep-alias path to variable.
- Use <<< "" instead of piped echo to check grep flags.
- Remove check for --color only since it's the same release as --exclude.
This version tries whether grep supports all the flags together
and progressively checks older flags if the grep test fails.
This means only one grep call if all flags are supported, and
one additional call for every flag that's not supported, up to
a maximum of 3 calls.
Apple's Terminal doesn't open a new tab in your current directory if your hostname has UTF-8 characters in it. Percent encoding the host in addition to the path in update_terminalapp_cwd appears to solve this issue.
Co-authored-by: Marc Cornellà <marc.cornella@live.com>
Use add-zsh-hook to add functions to hooks. That way they won't be added again
when doing `source ~/.zshrc` multiple times.
Co-authored-by: Marc Cornellà <marc.cornella@live.com>
$GIT_STATUS_IGNORE_SUBMODULES can be used to specify handling of
submodules. It can be:
not set : ignore dirty submodules (this was default zsh behavior)
"git" : do not use "--ignore-submodules" and let git choose,
this obeys setting in .gitmodules
other : comes into "--ignore-submodules=$GIT_STATUS_IGNORE_SUBMODULES"
WSL 2 changes the output of `uname -r`. For instance,
WSL 1: 4.4.0-18980-Microsoft
WSL 2: 4.19.67-microsoft-standard
Since WSL 2 lowercases the M, we can match for the rest of the string
which remains lowercase throughout both versions. Another option would
be to match for both upper- and lower-case Ms, like that:
$(uname -r) = *[Mm]icrosoft*
Fixed use of nohup in open_command where it was only necessary for
xdg-open (and actually harmful for cmd.exe in WSL 2). The current logic
is simpler and more future-proof.
Previously, OS detection would happen on each invocation. This makes it
happen once (unless it fails, in which case it will try again on the
next invocation).
This has the additional benefit of localizing the platform-specific
checks and commands, too, versus spreading them out in separate
functions.
Ideally the parameter would just be removed-users could always
just do "clipcopy < some-file". but removing the parameter would break
backwards compatibility.
In any case, this simplifies the logic considerably.
Changes themes displaying RVM or other Ruby version info to use the central
ruby_prompt_info function. This supports more Ruby versioning mechanisms,
reduces copy-and-paste code, and avoids "zsh: no such file or directory: rvm-prompt"
when run on machines that do not have RVM installed.
Changes the prefix/suffix variable names to ZSH_THEME_RUBY_PROMPT_PREFIX and
ZSH_THEME_RUBY_PROMPT_SUFFIX, since they apply to all Ruby versioning mechanisms,
not just RVM.
Allows empty ZSH_THEME_RUBY_PROMPT_PREFIX and ZSH_THEME_RUBY_PROMPT_SUFFIX.
Initializes jenv and provides the jenv_prompt_info funtion to add
Java version information to prompts. This function is stubbed in
prompt_info_functions script to allow it to be safely called
regardless of whether or not the jenv plugin is loaded.
It also splits detection of the plugin/versions directory and bin directory
to suppport the way Homebrew splits the jenv bin and data directories
This reverts commit 9544316ef9.
This setting broke mouse / touchpad scroll on programs using `less` output
due to it not using the alternate screen buffer.
Fixes#7025
