mirror of synced 2024-11-14 03:58:58 -05:00
Commit graph

5 commits

Author SHA1 Message Date
Eric Nielsen
53a3cd7933 Fix git-info arbitrary command execution exposure
The contents of git_info are subject to expansion by the shell. Avoid
putting raw ref names in the prompt to protect the user from arbitrary
code execution via specially crafted ref names (e.g., a ref named
'$(IFS=_;cmd=sudo_rm_-rf_/;$cmd)' would execute 'sudo rm -rf /' when the
prompt is drawn). Instead, put the ref names in new global variables and
reference these variables from git_info.

See:
- https://github.com/njhartwell/pw3nage
- 8976500cbb

Fixes #158, Closes #159
2017-03-30 10:17:03 -07:00
Eric Nielsen
0df896c3f1 Change git-info verbose mode implementation
so it behaves like the non-verbose mode. For example, in the "merge"
special action context, files are being reported as both indexed and
unindexed by `git diff-index` and `git diff-files` commands in
non-verbose mode. That was not the case with the regular expressions
used in the verbose mode.
2017-03-29 19:40:03 -07:00
Eric Nielsen
a844454a65 Remove undocumented git-info configuration
`prompt.showinfo` for enabling or disabling it globally or per
repository. It can be globally disabled by not loading the `git-info`
module at all, and prompts currently will not break (and in the future
should still not break) if the module is not loaded.

This removes one git call that is used to check for the
`prompt.showinfo` configuration value.
2017-03-27 13:56:47 -07:00
Eric Nielsen
53aef5a05c Add diverged context to git-info
that, when defined, will be set if the branch is both ahead of and behind
the remote. If not defined, the `ahead` and `behind` contexts will still be
set, as they worked previously.
2017-03-27 13:56:47 -07:00
Eric Nielsen
cabf368847 Add git-info module
based on the Prezto git module
[function](https://github.com/sorin-ionescu/prezto/blob/master/modules/git/functions/git-info)
and further refactored and simplified.

What changed:
- Commit format only in 'detached HEAD' state, so
  `$(coalesce "%b" "%c")` is not needed, because you only get one of
  those.
- Removed the `added`, `deleted`, `modified`, `renamed` and `unmerged`
  verbose contexts.
- `git status` is only used in verbose mode.
- In non-verbose mode, the `untracked` context is not available, and
  also untracked files are not considered for computing the `dirty`
  context. Using `git status` or checking for untracked files is
  [expensive](https://gist.github.com/sindresorhus/3898739).
2017-01-16 10:26:17 -08:00