zeaslity/ohmyzsh
0
0
Fork 0
mirror of https://github.com/ohmyzsh/ohmyzsh.git synced 2026-05-31 08:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: escape % characters in git prompts

Browse Source 
This patch adds missing % character escaping for custom git prompts
used in a few themes. It also includes escaping for git-prompt.sh.

In combination with CVE-2021-45444, this could allow code execution
when displaying branch information in cloned malicious git repositories.
However, zsh 5.8.1 and newer are largely the default zsh versions, and
on those supported distributions with older zsh versions, the CVE has been
found to be also patched.

For this reason, this doesn't qualify as a security patch, but a
bug fix for proper printing of git branches.
This commit is contained in:
Marc Cornellà
2026-05-28 18:57:52 +02:00
parent 8eff9a5455
commit c90141ed77
11 changed files with 18 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
themes/peepcode.zsh-theme
View File

@@ -31,7 +31,7 @@ git_prompt() {
local cb=$(git_current_branch)
if [[ -n "$cb" ]]; then
local repo_path=$(git_repo_path)
echo " %{$fg_bold[grey]%}$cb %{$fg[white]%}$(git_commit_id)%{$reset_color%}$(git_mode)$(git_dirty)"
echo " %{$fg_bold[grey]%}${cb//\%/%%} %{$fg[white]%}$(git_commit_id)%{$reset_color%}$(git_mode)$(git_dirty)"
fi
}