author Marc Cornellà <hello@mcornella.com> 2021-11-09 09:31:09 +0100
committer Marc Cornellà <hello@mcornella.com> 2021-11-11 22:45:24 +0100
commit 72928432f1ddaa244e02067dd7fc14948a4a5ce4
tree 6fa5d3e58a3b73bfa85791a0e2d736ee12671827 /plugins/github
parent a263cdac9c15de4003d3289a53cad1d19c8cfb3f
fix(plugins): fix potential command injection in `rand-quote` and `hitokoto`
The `rand-quote` plugin uses quotationspage.com and prints part of its content to the shell without sanitization, which could trigger command injection. There is no evidence that this has been exploited, but this commit removes all possibility for exploit. Similarly, the `hitokoto` plugin uses the hitokoto.cn website to print quotes to the shell, also without sanitization. Furthermore, there is also no evidence that this has been exploited, but with this change it is now impossible.
Diffstat (limited to 'plugins/github')
0 files changed, 0 insertions, 0 deletions