<feed xmlns='http://www.w3.org/2005/Atom'>
<title>zsh.git/themes/pygmalion-virtualenv.zsh-theme, branch master</title>
<subtitle>Unnamed repository; edit this file 'description' to name the repository.</subtitle>
<id>http://cnjoe.info/git/zsh.git/atom/themes/pygmalion-virtualenv.zsh-theme?h=master</id>
<link rel='self' href='http://cnjoe.info/git/zsh.git/atom/themes/pygmalion-virtualenv.zsh-theme?h=master'/>
<link rel='alternate' type='text/html' href='http://cnjoe.info/git/zsh.git/'/>
<updated>2021-11-11T21:45:40Z</updated>
<entry>
<title>fix(themes): fix potential command injection in `pygmalion`, `pygmalion-virtualenv` and `refined`</title>
<updated>2021-11-11T21:45:40Z</updated>
<author>
<name>Marc Cornellà</name>
<email>hello@mcornella.com</email>
</author>
<published>2021-11-09T08:54:21Z</published>
<link rel='alternate' type='text/html' href='http://cnjoe.info/git/zsh.git/commit/?id=b3ba9978cc42a5031c7b68e3cf917ec2e64643bc'/>
<id>urn:sha1:b3ba9978cc42a5031c7b68e3cf917ec2e64643bc</id>
<content type='text'>
The pygmalion and pygmalion-virtualenv themes unsafely handle git prompt information
which results in a double evaluation of this information, so a malicious git repository
could trigger a command injection if the user cloned and entered the repository.

A similar method could be used in the refined theme. All themes have been patched against this
vulnerability.
</content>
</entry>
<entry>
<title>pygmalion: use pure zsh instead of perl (#9210)</title>
<updated>2020-08-28T22:27:06Z</updated>
<author>
<name>Florian Klink</name>
<email>flokli@flokli.de</email>
</author>
<published>2020-08-28T22:27:06Z</published>
<link rel='alternate' type='text/html' href='http://cnjoe.info/git/zsh.git/commit/?id=4ed6fd2b8b6a0efb2f84f00a64503282aca260e7'/>
<id>urn:sha1:4ed6fd2b8b6a0efb2f84f00a64503282aca260e7</id>
<content type='text'>
My system doesn't have `perl` in $PATH, so using this theme clutters the
shell output quite a bit.

Turns out, the same thing can be accomplished in pure zsh (with
extendedglob).

Co-Authored-By: Marc Cornellà &lt;marc.cornella@live.com&gt;
</content>
</entry>
<entry>
<title>Use safer append to hook function arrays (#8406)</title>
<updated>2019-11-19T17:47:12Z</updated>
<author>
<name>Jacob Tomaw</name>
<email>jacob.tomaw@gmail.com</email>
</author>
<published>2019-11-19T17:47:12Z</published>
<link rel='alternate' type='text/html' href='http://cnjoe.info/git/zsh.git/commit/?id=1ba0af650ac575a7d35b10146d2e7a7b3b2e2ae6'/>
<id>urn:sha1:1ba0af650ac575a7d35b10146d2e7a7b3b2e2ae6</id>
<content type='text'>
Use add-zsh-hook to add functions to hooks. That way they won't be added again
when doing `source ~/.zshrc` multiple times.

Co-authored-by: Marc Cornellà &lt;marc.cornella@live.com&gt;</content>
</entry>
<entry>
<title>Add pygmalion-virtualenv theme (#5139)</title>
<updated>2019-03-24T16:25:26Z</updated>
<author>
<name>shellbye</name>
<email>Shellbye@users.noreply.github.com</email>
</author>
<published>2019-03-24T16:25:26Z</published>
<link rel='alternate' type='text/html' href='http://cnjoe.info/git/zsh.git/commit/?id=5ff21efad72117377c7b6cabd850d6b2b01ee31a'/>
<id>urn:sha1:5ff21efad72117377c7b6cabd850d6b2b01ee31a</id>
<content type='text'>
</content>
</entry>
</feed>
