h/fish-shell
1
Fork 0
mirror of https://github.com/fish-shell/fish-shell.git synced 2026-06-06 08:51:14 -03:00
Code Issues Packages Projects Releases Wiki Activity

fish_config: Pass filenames as arguments

Browse Source 
This injected filenames into fish script, which could inject things
that looked like fish script.

E.g. create a file called `~/.config/fish/themes/"; rm -rf ~/*"`.

Note that the prompts are all shipped by us, but the themes can
technically be added by the user, and they might not be dilligent in
what filenames they allow.
This commit is contained in:
Fabian Homborg
2021-07-16 17:28:40 +02:00
parent f345464879
commit 405a03bfae
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
share/functions/fish_config.fish
View File

@@ -60,13 +60,13 @@ function fish_config --description "Launch fish's web based configuration"
end end
set -l promptname (string replace -r '.*/([^/]*).fish$' '$1' $p) set -l promptname (string replace -r '.*/([^/]*).fish$' '$1' $p)
echo -s (set_color --underline) $promptname (set_color normal) echo -s (set_color --underline) $promptname (set_color normal)
$fish -c "functions -e fish_right_prompt; source $p; $fish -c 'functions -e fish_right_prompt; source $argv[1];
false false
fish_prompt fish_prompt
echo (set_color normal) echo (set_color normal)
if functions -q fish_right_prompt; if functions -q fish_right_prompt;
echo right prompt: (false; fish_right_prompt) echo right prompt: (false; fish_right_prompt)
end" end' $p
echo echo
end end
case list '' case list ''
@@ -191,10 +191,10 @@ function fish_config --description "Launch fish's web based configuration"
# Use a new, --no-config, fish to display the theme. # Use a new, --no-config, fish to display the theme.
# So we can use this function, explicitly source it before anything else! # So we can use this function, explicitly source it before anything else!
functions fish_config | $fish -C "source -" --no-config -c " functions fish_config | $fish -C "source -" --no-config -c '
fish_config theme choose '$themename' fish_config theme choose $argv
fish_config theme demo '$themename' fish_config theme demo $argv
" ' $themename
end end
case choose save case choose save