- 02 Aug, 2022 1 commit
-
-
Ben Walton authored
-
- 12 Jul, 2022 4 commits
-
-
hellzbellz authored
-
Marc Cornellà authored
See #10925
-
Marc Cornellà authored
-
Marc Cornellà authored
Fixes #10925
-
- 15 May, 2022 1 commit
-
- 12 May, 2022 2 commits
-
-
Marc Cornellà authored
-
Will LE authored
-
- 14 Apr, 2022 2 commits
-
-
Marc Cornellà authored
-
Marc Cornellà authored
Since `set -e` is enabled, when `commit.gpgsign` is not set the `git config` command would show an error. Given that it is technically not ignored, the subshell would exit. With this change, the `commit.gpgsign` setting is properly tested by doing the fallback test if the command fails, so no exit status code ends up quiting the subshell.
-
- 31 Mar, 2022 1 commit
-
-
Carlo Sala authored
Co-authored-by:
Marc Cornellà <hello@mcornella.com>
-
- 25 Feb, 2022 1 commit
-
-
Markus (Vock) Arians authored
Co-authored-by:
Markus Arians <markus.arians@andrena.de>
-
- 21 Feb, 2022 2 commits
-
-
Marc Cornellà authored
-
Marc Cornellà authored
-
- 13 Feb, 2022 1 commit
-
-
Marc Cornellà authored
This lib function applies a patch to the VCS_INFO_formats function in zsh versions from v5.0.3 until v5.8, which don't quote % chars in some arguments received. Normally that just means that some % characters in these strings (branch names, directories, etc.) will be incorrectly parsed as formatting sequences. With CVE-2021-45444, however, this means that one of these strings from a malicious source (e.g. a malicious git repository) can trigger command injection and run arbitrary code in the user's machine when visiting such git repository. Zsh 5.8.1 fixes this vulnerability [1], but older vcs_info setups still need a workaround such as this one to patch the vulnerability. [1] https://github.com/zsh-users/zsh/commit/c3ea1e5d52eff8b7b172fa8c1ccc3462b43b2790
-
- 10 Feb, 2022 1 commit
-
-
Carlo Sala authored
-
- 02 Feb, 2022 1 commit
-
-
Marc Cornellà authored
The commands `omz plugin {enable,disable}` and `omz theme set` automatically reload the zsh session on success. With this change, the CLI checks whether the commands are run in an interactive session before reloading the zsh session. This change also conditionally sets the completion function for `omz` so that it's not done in a non-interactive session.
-
- 24 Jan, 2022 1 commit
-
-
Marc Cornellà authored
Fixes #9737
-
- 22 Jan, 2022 1 commit
-
-
Marc Cornellà authored
-
- 17 Jan, 2022 1 commit
-
-
Marc Cornellà authored
-
- 13 Jan, 2022 1 commit
-
-
Marc Cornellà authored
-
- 09 Jan, 2022 1 commit
-
-
Marc Cornellà authored
-
- 03 Jan, 2022 2 commits
-
-
Marc Cornellà authored
-
Marc Cornellà authored
-
- 21 Dec, 2021 1 commit
-
-
Marc Cornellà authored
Fixes #10520
-
- 16 Dec, 2021 1 commit
-
-
Marc Cornellà authored
-
- 13 Dec, 2021 2 commits
-
-
Marc Cornellà authored
-
Marc Cornellà authored
-
- 30 Nov, 2021 1 commit
-
-
Marc Cornellà authored
-
- 25 Nov, 2021 1 commit
-
-
Paul Scott authored
-
- 11 Nov, 2021 2 commits
-
-
Marc Cornellà authored
The `title` function unsafely prints its input without sanitization, which if used with custom user code that calls it, it could trigger command injection. The `spectrum_ls` and `spectrum_bls` could similarly be exploited if a variable is changed in the user's shell environment with a carefully crafted value. This is highly unlikely to occur (and if possible, other methods would be used instead), but with this change the exploit of these two functions is now impossible.
-
Marc Cornellà authored
The `omz_urldecode` function uses an eval to decode the input which can be exploited to inject commands. This is used only in the svn plugin and it requires a complex process to exploit, so it is highly unlikely to have been used by an attacker.
-
- 10 Nov, 2021 1 commit
-
-
Marc Cornellà authored
-
- 09 Nov, 2021 2 commits
-
-
Marc Cornellà authored
-
Kevin Burke authored
Co-authored-by:
Marc Cornellà <hello@mcornella.com>
-
- 02 Nov, 2021 1 commit
-
-
Richard Mitchell authored
-
- 25 Oct, 2021 1 commit
-
-
Sina Tak Tehrani authored
-
- 10 Oct, 2021 1 commit
-
-
michael-yuji authored
-
- 09 Oct, 2021 1 commit
-
-
Pooya Vahidi authored
-
- 05 Oct, 2021 1 commit
-
-
Marc Cornellà authored
-