From 4a74349635cf30d305766b459c7cc3246831676e Mon Sep 17 00:00:00 2001 From: Janusz Mordarski Date: Tue, 9 Nov 2021 09:50:25 +0100 Subject: feat(refined): allow selecting git branch by changing prefix to `:` (#10400) --- themes/refined.zsh-theme | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'themes/refined.zsh-theme') diff --git a/themes/refined.zsh-theme b/themes/refined.zsh-theme index 2a4188c9d..5d39bd757 100644 --- a/themes/refined.zsh-theme +++ b/themes/refined.zsh-theme @@ -33,8 +33,8 @@ autoload -Uz vcs_info zstyle ':vcs_info:*' enable hg bzr git zstyle ':vcs_info:*:*' unstagedstr '!' zstyle ':vcs_info:*:*' stagedstr '+' -zstyle ':vcs_info:*:*' formats "$FX[bold]%r$FX[no-bold]/%S" "%s/%b" "%%u%c" -zstyle ':vcs_info:*:*' actionformats "$FX[bold]%r$FX[no-bold]/%S" "%s/%b" "%u%c (%a)" +zstyle ':vcs_info:*:*' formats "$FX[bold]%r$FX[no-bold]/%S" "%s:%b" "%%u%c" +zstyle ':vcs_info:*:*' actionformats "$FX[bold]%r$FX[no-bold]/%S" "%s:%b" "%u%c (%a)" zstyle ':vcs_info:*:*' nvcsformats "%~" "" "" # Fastest possible way to check if repo is dirty -- cgit v1.2.3-70-g09d2 From b3ba9978cc42a5031c7b68e3cf917ec2e64643bc Mon Sep 17 00:00:00 2001 From: Marc Cornellà Date: Tue, 9 Nov 2021 09:54:21 +0100 Subject: fix(themes): fix potential command injection in `pygmalion`, `pygmalion-virtualenv` and `refined` The pygmalion and pygmalion-virtualenv themes unsafely handle git prompt information which results in a double evaluation of this information, so a malicious git repository could trigger a command injection if the user cloned and entered the repository. A similar method could be used in the refined theme. All themes have been patched against this vulnerability. --- themes/pygmalion-virtualenv.zsh-theme | 11 ++++++----- themes/pygmalion.zsh-theme | 6 +++--- themes/refined.zsh-theme | 1 + 3 files changed, 10 insertions(+), 8 deletions(-) (limited to 'themes/refined.zsh-theme') diff --git a/themes/pygmalion-virtualenv.zsh-theme b/themes/pygmalion-virtualenv.zsh-theme index 47b0b4fb1..c2ab7f4e6 100644 --- a/themes/pygmalion-virtualenv.zsh-theme +++ b/themes/pygmalion-virtualenv.zsh-theme @@ -35,19 +35,20 @@ prompt_setup_pygmalion(){ } prompt_pygmalion_precmd(){ - setopt localoptions extendedglob + setopt localoptions nopromptsubst extendedglob local gitinfo=$(git_prompt_info) local gitinfo_nocolor=${gitinfo//\%\{[^\}]##\}} - local exp_nocolor="$(print -P \"$base_prompt_nocolor$gitinfo_nocolor$post_prompt_nocolor\")" + local exp_nocolor="$(print -P \"${base_prompt_nocolor}${gitinfo_nocolor}${post_prompt_nocolor}\")" local prompt_length=${#exp_nocolor} + # add new line on prompt longer than 40 characters local nl="" - if [[ $prompt_length -gt 40 ]]; then - nl=$'\n%{\r%}'; + nl=$'\n%{\r%}' fi - PROMPT="$base_prompt$gitinfo$nl$post_prompt" + + PROMPT="${base_prompt}\$(git_prompt_info)${nl}${post_prompt}" } prompt_setup_pygmalion diff --git a/themes/pygmalion.zsh-theme b/themes/pygmalion.zsh-theme index b13adfd5f..be9ca3889 100644 --- a/themes/pygmalion.zsh-theme +++ b/themes/pygmalion.zsh-theme @@ -19,14 +19,14 @@ prompt_setup_pygmalion(){ } prompt_pygmalion_precmd(){ - setopt localoptions extendedglob + setopt localoptions nopromptsubst extendedglob local gitinfo=$(git_prompt_info) local gitinfo_nocolor=${gitinfo//\%\{[^\}]##\}} - local exp_nocolor="$(print -P \"$base_prompt_nocolor$gitinfo_nocolor$post_prompt_nocolor\")" + local exp_nocolor="$(print -P \"${base_prompt_nocolor}${gitinfo_nocolor}${post_prompt_nocolor}\")" local prompt_length=${#exp_nocolor} - PROMPT="${base_prompt}${gitinfo}${post_prompt}" + PROMPT="${base_prompt}\$(git_prompt_info)${post_prompt}" } prompt_setup_pygmalion diff --git a/themes/refined.zsh-theme b/themes/refined.zsh-theme index 5d39bd757..5e2de7a87 100644 --- a/themes/refined.zsh-theme +++ b/themes/refined.zsh-theme @@ -70,6 +70,7 @@ preexec() { # Output additional information about paths, repos and exec time # precmd() { + setopt localoptions nopromptsubst vcs_info # Get version control info before we start outputting stuff print -P "\n$(repo_information) %F{yellow}$(cmd_exec_time)%f" unset cmd_timestamp #Reset cmd exec time. -- cgit v1.2.3-70-g09d2