Actual working fix guarding against malicious branch names
authorJoerg Jaspert <joerg@debian.org>
Sun, 19 Mar 2017 21:09:27 +0000 (22:09 +0100)
committerJoerg Jaspert <joerg@debian.org>
Sun, 19 Mar 2017 21:09:27 +0000 (22:09 +0100)
.zsh/functions/prompt_ganneff_setup

index 2fe9456..5d9e9c1 100644 (file)
@@ -608,9 +608,8 @@ ganneff_prompt_addto () {
                 ;;
             vcs)
                 v="vcs_info_msg_${new}_"
-                v=${v//[^a-z0-9\/]/-}
                 if (( ${+parameters[$v]} )) && [[ -n "${(P)v}" ]]; then
-                    typeset -g "${target}=${(P)target}${(P)v}"
+                    typeset -g "${target}=${(P)target}${(P)v//[$\`]/}"
                 fi
                 ;;
             *) typeset -g "${target}=${(P)target}${new}" ;;