Age | Commit message | Author | |
---|---|---|---|
2021-11-16 | style(dirhistory): remove use of `eval` completely | Marc Cornellà | |
2021-11-11 | fix(themes): fix potential command injection in `pygmalion`, `pygmalion-virtualenv` and `refined` | Marc Cornellà | |
The pygmalion and pygmalion-virtualenv themes unsafely handle git prompt information which results in a double evaluation of this information, so a malicious git repository could trigger a command injection if the user cloned and entered the repository. A similar method could be used in the refined theme. All themes have been patched against this vulnerability. | |||
2021-11-11 | fix(plugins): fix potential command injection in `rand-quote` and `hitokoto` | Marc Cornellà | |
The `rand-quote` plugin uses quotationspage.com and prints part of its content to the shell without sanitization, which could trigger command injection. There is no evidence that this has been exploited, but this commit removes all possibility for exploit. Similarly, the `hitokoto` plugin uses the hitokoto.cn website to print quotes to the shell, also without sanitization. Furthermore, there is also no evidence that this has been exploited, but with this change it is now impossible. | |||
2021-11-11 | fix(lib): fix potential command injection in `title` and `spectrum` functions | Marc Cornellà | |
The `title` function unsafely prints its input without sanitization, which, if used with custom user code that calls it, could trigger command injection. The `spectrum_ls` and `spectrum_bls` could similarly be exploited if a variable is changed in the user's shell environment with a carefully crafted value. This is highly unlikely to occur (and if possible, other methods would be used instead), but with this change the exploit of these two functions is now impossible. | |||
2021-11-11 | fix(dirhistory): fix unsafe eval bug in back and forward widgets | Marc Cornellà | |
The plugin unsafely processes directory paths in pop_past and pop_future. This commit fixes that. | |||
2021-11-11 | fix(lib): fix `omz_urldecode` unsafe eval bug | Marc Cornellà | |
The `omz_urldecode` function uses an eval to decode the input which can be exploited to inject commands. This is used only in the svn plugin and it requires a complex process to exploit, so it is highly unlikely to have been used by an attacker. | |||
2021-11-11 | fix(dirhistory): fix Up/Down key bindings for Terminal.app | Marc Cornellà | |
Reference: https://github.com/ohmyzsh/ohmyzsh/commit/7f49494#commitcomment-60117011 | |||
2021-11-10 | fix(command-not-found): pass arguments correctly in Termux (#10403) | Kirill Molchanov | |
2021-11-10 | fix(cli): avoid `git -C` for compatibility with git < v1.8.5 (#10404) | Marc Cornellà | |
2021-11-10 | fix(updater): avoid `git -C` for compatibility with git < v1.8.5 (#10404) | Marc Cornellà | |
Fixes #10404 | |||
2021-11-09 | refactor(updater): simplify check for available updates | Marc Cornellà | |
2021-11-09 | style(frontend-search): rename completion file to `_frontend` | Marc Cornellà | |
2021-11-09 | fix(cli): fix check for completion files in `omz plugin load` | Marc Cornellà | |
2021-11-09 | fix(emotty): fix glyphs output width in emotty theme | Marc Cornellà | |
2021-11-09 | feat(refined): allow selecting git branch by changing prefix to `:` (#10400) | Janusz Mordarski | |
2021-11-09 | style: use `-n` flag in `head` and `tail` commands (#10391) | Kevin Burke | |
Co-authored-by: Marc Cornellà <hello@mcornella.com> | |||
2021-11-08 | feat(tmux): set session name with `ZSH_TMUX_DEFAULT_SESSION_NAME` (#9063) | Shahin Sorkh | |
2021-11-08 | refactor(percol): fix style, bind keys for vi-mode and remove dependencies | Marc Cornellà | |
2021-11-05 | refactor(osx): Rename osx plugin to macos (#10341) | Jonathan Batchelor | |
Apple changed the name of their operating system from OS X to macOS a number of years ago. This was overdue! As per issue #10311 * refactor(osx): rename `osx` plugin to `macos` * refactor(macos): Add symbolic link from old `osx` plugin name. | |||
2021-11-05 | fix(updater): stop update if connection unavailable | Marc Cornellà | |
2021-11-03 | docs: add Security Policy | Marc Cornellà | |
2021-11-03 | fix(command-not-found): pass arguments correctly in NixOS (#10381) | amnore | |
2021-11-02 | feat(ys): increase color contrast with light color schemes (#10295) | Aaron Hutchinson | |
2021-11-02 | feat(dirhistory): support urxvt terminal key binding (#8370) | Michael Peick | |
Closes #8370 | |||
2021-11-02 | fix(dirhistory): fix ALT+Up/Down key bindings for Terminal.app | Marc Cornellà | |
2021-11-02 | docs(dirhistory): document OPT key alternative for macOS and fix style | Marc Cornellà | |
Fixes #10350 | |||
2021-11-02 | fix(lib): fix `1` alias to `cd` to directory 1 in stack (#10370) | Richard Mitchell | |
2021-10-30 | chore: fix grammar mistake in `CONTRIBUTING.md` (#10362) | Afzal Sayed | |
2021-10-29 | feat(xcode): support `Package.swift` as project file in `xc` (#10358) | YR Chen | |
2021-10-27 | feat(fzf): support getting fzf from nix-darwin (#10355) | Christophe Bliard | |
2021-10-27 | fix(changelog): fix for `${(@ps:$sep:)var}` construct in zsh < 5.0.8 | Marc Cornellà | |
In recent zsh versions, `${(@ps:$sep:)var}` where $sep is a variable containing a separator string and $var is a string with multiple values separated by $sep, the `p` flag makes zsh correctly expand $sep before splitting $var. In versions older than 5.0.8, this doesn't happen, so we use `eval` to get the same effect. | |||
2021-10-26 | fix(changelog): fix percent escapes in `printf` calls | Marc Cornellà | |
2021-10-26 | perf(changelog): use regex-match instead of `sed` to parse commit subjects | Marc Cornellà | |
2021-10-26 | fix(changelog): go back to ignoring commits from merged branches | Marc Cornellà | |
2021-10-26 | perf(changelog): use a single `git log` command to get all commit messages | Marc Cornellà | |
2021-10-26 | feat(mix): update `mix` commands and descriptions (#10273) | José Camelo Freitas | |
2021-10-26 | fix(changelog): don't show more than 40 commits (#10345) | Marc Cornellà | |
Fixes #10345 | |||
2021-10-25 | fix(cli): exit `omz update` with correct error code (#10342) | Sina Tak Tehrani | |
2021-10-23 | fix(ssh-agent): fix check for running `ssh-agent` process with hidepid /proc (#8492) | Marc Cornellà | |
Fixes #8492 | |||
2021-10-20 | feat(osx): add `freespace` command to clean purgeable disk space (#8762) | Rob Vadai | |
Co-authored-by: Marc Cornellà <hello@mcornella.com> | |||
2021-10-20 | fix(ruby)!: rename aliases that start with `g` to `ge` | Marc Cornellà | |
BREAKING CHANGE: all `gem` aliases that started with `g` now start with `ge` to fix conflicting names with the `git` plugin. Also, the `ghlp` alias is now renamed `geh`. Have a look at the plugin README for more information. Fixes #10320 | |||
2021-10-19 | feat(ruby): add multiple `gem` aliases (#9005) | Marc Cornellà | |
Mostly empty commit to fix the changelog for merge at 6f4c7f64 | |||
2021-10-19 | Merge branch 'royninja-patch-1' | Robby Russell | |
2021-10-19 | Swapping gh with ghlp as 'gh' is reserved for the Github CLI. #9005 | Robby Russell | |
2021-10-19 | Merge branch 'patch-1' of https://github.com/royninja/ohmyzsh into royninja-patch-1 | Robby Russell | |
2021-10-18 | docs(README): document new `zstyle` update settings (#10304) | Eric | |
Co-authored-by: Marc Cornellà <hello@mcornella.com> | |||
2021-10-13 | feat(updater): add support for terminal hyperlinks | Marc Cornellà | |
2021-10-13 | feat(obraun): display time with leading zeros (#10289) | Igor Gavelyuk | |
2021-10-11 | fix(ssh-agent): fix for bad `zstyle` command argument | Marc Cornellà | |
Fixes #10282 | |||
2021-10-11 | feat(ssh-agent): allow lazy-loading SSH identities (#6309) | Marc Cornellà | |
Fixes #7477 |