diff options
author | Junio C Hamano <gitster@pobox.com> | 2014-05-02 13:10:53 -0700 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2014-05-02 13:10:53 -0700 |
commit | f7003da0f498ee7621fad4ebd15778439e77fce2 (patch) | |
tree | 162f9c54ad92a84e8902d385c40272a24f29f4bb /contrib/completion/git-prompt.sh | |
parent | b809658141574ed34c77d3b6fdf91748a2ee13f3 (diff) | |
parent | 8976500cbbb13270398d3b3e07a17b8cc7bff43f (diff) | |
download | git-f7003da0f498ee7621fad4ebd15778439e77fce2.tar.gz |
Merge branch 'rh/prompt-pcmode-avoid-eval-on-refname'
* rh/prompt-pcmode-avoid-eval-on-refname:
git-prompt.sh: don't put unsanitized branch names in $PS1
Diffstat (limited to 'contrib/completion/git-prompt.sh')
-rw-r--r-- | contrib/completion/git-prompt.sh | 34 |
1 files changed, 32 insertions, 2 deletions
diff --git a/contrib/completion/git-prompt.sh b/contrib/completion/git-prompt.sh index 54489080f8..96b8087385 100644 --- a/contrib/completion/git-prompt.sh +++ b/contrib/completion/git-prompt.sh @@ -207,7 +207,18 @@ __git_ps1_show_upstream () p=" u+${count#* }-${count% *}" ;; esac if [[ -n "$count" && -n "$name" ]]; then - p="$p $(git rev-parse --abbrev-ref "$upstream" 2>/dev/null)" + __git_ps1_upstream_name=$(git rev-parse \ + --abbrev-ref "$upstream" 2>/dev/null) + if [ $pcmode = yes ]; then + # see the comments around the + # __git_ps1_branch_name variable below + p="$p \${__git_ps1_upstream_name}" + else + p="$p ${__git_ps1_upstream_name}" + # not needed anymore; keep user's + # environment clean + unset __git_ps1_upstream_name + fi fi fi @@ -445,8 +456,27 @@ __git_ps1 () __git_ps1_colorize_gitstring fi + b=${b##refs/heads/} + if [ $pcmode = yes ]; then + # In pcmode (and only pcmode) the contents of + # $gitstring are subject to expansion by the shell. + # Avoid putting the raw ref name in the prompt to + # protect the user from arbitrary code execution via + # specially crafted ref names (e.g., a ref named + # '$(IFS=_;cmd=sudo_rm_-rf_/;$cmd)' would execute + # 'sudo rm -rf /' when the prompt is drawn). Instead, + # put the ref name in a new global variable (in the + # __git_ps1_* namespace to avoid colliding with the + # user's environment) and reference that variable from + # PS1. + __git_ps1_branch_name=$b + # note that the $ is escaped -- the variable will be + # expanded later (when it's time to draw the prompt) + b="\${__git_ps1_branch_name}" + fi + local f="$w$i$s$u" - local gitstring="$c${b##refs/heads/}${f:+$z$f}$r$p" + local gitstring="$c$b${f:+$z$f}$r$p" if [ $pcmode = yes ]; then if [ "${__git_printf_supports_v-}" != yes ]; then |