Skip to content
Permalink
Browse files Browse the repository at this point in the history
fix(dirhistory): fix unsafe eval bug in back and forward widgets
The plugin unsafely processes directory paths in pop_past and pop_future.
This commit fixes that.
  • Loading branch information
mcornella committed Nov 11, 2021
1 parent 6cb41b7 commit 06fc5fb
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions plugins/dirhistory/dirhistory.plugin.zsh
Expand Up @@ -19,14 +19,14 @@ export DIRHISTORY_SIZE=30
# Returns the element if the array was not empty,
# otherwise returns empty string.
function pop_past() {
eval "$1='$dirhistory_past[$#dirhistory_past]'"
eval "$1=${(q)dirhistory_past[$#dirhistory_past]}"

This comment has been minimized.

Copy link
@bugwelle

bugwelle Nov 16, 2021

I've never seen this syntax before. What does (q) do here? :-)

This comment has been minimized.

Copy link
@mcornella

mcornella Nov 16, 2021

Author Member

This comment has been minimized.

Copy link
@bugwelle

bugwelle Nov 17, 2021

Thank you very much. :-)

if [[ $#dirhistory_past -gt 0 ]]; then
dirhistory_past[$#dirhistory_past]=()
fi
}

function pop_future() {
eval "$1='$dirhistory_future[$#dirhistory_future]'"
eval "$1=${(q)dirhistory_future[$#dirhistory_future]}"
if [[ $#dirhistory_future -gt 0 ]]; then
dirhistory_future[$#dirhistory_future]=()
fi
Expand Down

0 comments on commit 06fc5fb

Please sign in to comment.