Commit graph

4264 commits

Author SHA1 Message Date
Andy Lutomirski
9079ec459c webconfig: fixes for token security
* Use 16-byte tokens
 * Use os.urandom (random.getrandbits shouldn't be used for security)
 * Convert to hex correctly
2014-08-22 15:44:43 +08:00
Andy Lutomirski
aaddccfdb1 webconfig: Use a constant-time token comparison
This prevents a linear-time attack to recover the auth token.
2014-08-22 15:39:13 +08:00
ridiculousfish
033373f078 Merge branch 'make_type_better' of github.com:kballard/fish-shell into kballard-make_type_better 2014-08-21 21:36:39 -07:00
Kevin Ballard
d63db59ade Clean up the IFS handling in command substitution
Remove the useless ASCII test of the first byte of IFS. We don't split
on the first character, we only use a non-empty IFS as a signal to split
on newlines.
2014-08-21 20:57:23 -07:00
Kevin Ballard
20899f2df9 doc: Document how IFS affects command substitution
IFS is used for more than just the read builtin. Setting it to the empty
string also disables line-splitting in command substitution, and it's
done this for the past 7 years. Some day we may have a better way to do
this, but for now, document the current solution.
2014-08-21 20:57:23 -07:00
Kevin Ballard
b9948ca297 doc: Fix docs on $HOME/$USER
The docs claimed that the $HOME and $USER variables could only be
changed by the root user. This is untrue. They can be changed by
non-root users as well.
2014-08-21 20:57:23 -07:00
Kevin Ballard
f33e6a053e doc: Fix links in "Further help and development"
Hyperlink the mailing list to the proper info page.

Tweak the GitHub link to use https.
2014-08-21 19:15:58 -07:00
Kevin Ballard
9f725bee1f set: Print an error when setting umask to a bad value
Repurpose the ENV_INVALID return value for env_set(), which wasn't
currently used by anything. When a bad value is passed for the 'umask'
key, return ENV_INVALID to signal this and print a good error message
from the `set` builtin.

This makes `set umask foo` properly produce an error.
2014-08-21 19:06:21 -07:00
Kevin Ballard
2974025010 Fix error span for invalid slice indexes
The span now properly points at the token that was invalid, rather than
the start of the slice.

Also fix the span for `()[1]` and `()[d]`, which were previously
reporting no source location at all.
2014-08-21 01:10:07 -07:00
Kevin Ballard
9a90e041f3 Color "$foo[1" as an error
We can't color the whole argument as an error, since the tokenizer is
responsible for that and doesn't care abou this case, but we can color
the `$foo[` bit as an error.
2014-08-20 22:55:24 -07:00
Kevin Ballard
b0be15d4f7 Fix highlighting of "foo\"bar"
The backslash-escape wasn't being properly caught by the highlighter.

Also remove the highlighting of `"\'"`, as `\'` is not a valid escape in
double-quotes, and add highlighting for a backslash-escaped newline.
2014-08-20 22:34:18 -07:00
Kevin Ballard
a24998abac Highlight "$foo[1]" properly
Preserve the highlighting applied to the slice brackets when coloring
variables inside of double-quoted strings.
2014-08-20 22:28:42 -07:00
Kevin Ballard
cc49042294 Parse slices even for empty variables
When a variable is parsed as being empty, parse out the slice and
validate the indexes anyway, behaving for slicing purposes as if the
variable had a single empty value.

Besides providing errors when expected, this also fixes the following:

    set -l foo
    echo "$foo[1]"

This used to print "[1]", now it properly prints nothing.
2014-08-20 22:09:32 -07:00
Kevin Ballard
3981b644d6 Fix double expansions ($$foo)
Double expansions of variables had the following issues:

* `"$$foo"` threw an error no matter what the value of `$foo` was.
* `set -l foo ''; echo $$foo` threw an error because of the expansion of
  `$foo` to `''`.

With this change, double expansion always works properly. When
double-expanding a multi-valued variable, in a double-quoted string the
first word of the inner expansion is used for the outer expansion, and
outside of a quoted string every word is used for the double-expansion
in each of the arguments.

    > set -l foo bar baz
    > set -l bar one two
    > set -l baz three four
    > echo "$$foo"
    one two baz
    > echo $$foo
    one two three four
2014-08-20 21:45:07 -07:00
Mark Griffiths
4651919bd8 Make line length, wrapping and spacing consistent 2014-08-19 13:41:23 +01:00
Mark Griffiths
fed4bb5c07 Merge branch 'master' into documentation-update
Conflicts (FIXED):
	.gitignore
	doc_src/complete.txt
	doc_src/function.txt
2014-08-19 11:42:21 +01:00
Mark Griffiths
ec903ce625 gitignore changes 2014-08-19 11:04:19 +01:00
Mark Griffiths
3ea956a0b4 Fixed a few more edge cases 2014-08-19 10:58:22 +01:00
ridiculousfish
d0c85471b4 Make escape_string transform wildcard characters
The characters ANY_CHAR, ANY_STRING, and ANY_STRING_RECURSIVE are
currently transformed by unescape, but not by escape. Let's try escaping
them. Fixes #1614.
2014-08-16 19:25:36 -07:00
Mark Griffiths
3cc62c1fd2 Fix trailing backslash after complex options 2014-08-16 10:36:34 +01:00
Mark Griffiths
079e369e91 Fix ampersand redirector 2014-08-16 10:18:41 +01:00
ridiculousfish
06400b83b1 Support for command wrapping ("aliases")
Add the --wraps option to 'complete' and 'function'. This allows a
command to (recursively) inherit the completions of a wrapped command.
Fixes #393.

When evaluating a completion, we inspect the entire "wrap chain" for a
command, i.e. we follow the sequence of wrapping until we either hit a
loop (which we silently ignore) or the end of the chain. We then
evaluate completions as if the wrapping command were substituted with
the wrapped command. Currently this only works for commands, i.e.
'complete --command gco --wraps git\ checkout' won't work (that would
seem to encroaching on abbreviations anyways). It might be useful to
show an error message for that case.

The commandline builtin reflects the commandline with the wrapped
command substituted in, so e.g. git completions (which inspect the
command line) will just work. This sort of command line munging is
also performed by 'complete -C' so it's not totally without precedent.

'alias will also now mark its generated function as wrapping the
'target.
2014-08-15 18:14:36 -07:00
ridiculousfish
fe68d30be9 Use sgrep instead of grep in ssh completion 2014-08-13 01:06:15 -07:00
ridiculousfish
a3a11c2e0c Strip users with leading underscores from ssh completions 2014-08-12 14:46:59 -07:00
ridiculousfish
3f526698ab Make __fish_print_users work on OS X via dscl 2014-08-12 14:42:49 -07:00
ridiculousfish
6ce74febc7 Accepting an autosuggestion should clear the pager 2014-08-11 10:17:41 -07:00
ridiculousfish
ede3d422a0 Don't show "and 1 more rows" in pager if that requires a row 2014-08-11 09:55:07 -07:00
Mark Griffiths
629a39b45b Tutorial auto colouring, Man page and Make fixes
Completely fixes #1557 and the underlying Doxygen changes that caused
it. Should make fish docs simpler and more robust, more consistent and
generally prettier.

todo:
- trap unmarked text as arguments in context
- test & fix sed portability - see in particular. (so far tested on BSD
(Mac) and GNU sed).
- test Makefile changes
- last round of aesthetic changes and getting that ascii fish in there…
2014-08-08 03:44:37 +01:00
Mark Griffiths
6513c7eab8 Updated build_doc…sh to run cleanly in Xcode build
If the lexicon input filter isn't specified (as is the case in the
current Xcode project, the script quietly continues without it.
2014-08-05 19:28:03 +01:00
Mark Griffiths
276d90a45d Update configure.ac and README for Doxygen 1.8 2014-08-05 18:46:14 +01:00
Mark Griffiths
c94b15a951 Revert 60b9f8d..e4d6eaf
This rolls back to commit 60b9f8db18.
2014-08-05 18:43:33 +01:00
Mark Griffiths
e4d6eaf17a Revert Xcode project
This reverts accidentally included files in commit
60b9f8db18.
2014-08-05 18:28:11 +01:00
Mark Griffiths
60b9f8db18 Update autoconf and README for Doxygen 1.8 2014-08-05 18:09:15 +01:00
Mark Griffiths
cff928e2dc Merge branch 'master' into documentation-update
Conflicts:
	doc_src/index.hdr.in -- UPDATED
	doc_src/license.hdr -- UPDATED
2014-08-05 13:50:21 +01:00
Mark Griffiths
6aa701b3ee Fix missed escaped '--' inside /fish block 2014-08-05 13:07:46 +01:00
ridiculousfish
cb480dddf6 Don't try to colorize errors when running in Xcode 2014-08-04 13:55:53 -07:00
ridiculousfish
33c714ca03 Add fish_tests target to Xcode build
Allows running the tests in Xcode
2014-08-04 13:32:23 -07:00
Gio d'Amelio
bcda3f1baa Set $CMD_DURATION to milliseconds. Fixes #1585 2014-08-04 13:36:39 +08:00
David Adam
4ae2753025 Authenticate connections to web_config service
- Require all requests to use a session path.
 - Use a redirect file to avoid exposing the '/start' URL on the
   command line, as it contains the cookie value.

Fix for CVE-2014-2914.
Closes #1438.
2014-08-04 13:34:26 +08:00
David Adam
8844f0c142 Clarify I/O redirection documentation
Fix the examples and try and improve the clarity of the section.

Closes #1409.
2014-08-03 18:54:10 +08:00
David Adam
6cabd42ed2 Remove getpeerid/getpeerucred and fallbacks 2014-08-03 15:40:44 +08:00
ridiculousfish
0daee33ad6 Document new fish_title behavior per #334 2014-08-03 00:00:26 -07:00
ridiculousfish
b97a94ccc8 Clean up reader_write_title to work with wcstring 2014-08-02 21:01:40 -07:00
Mark Griffiths
5cc3dcdbd8 Add lexicon filter to manpages.
Fixed manpage 'NAME'. Under Doxygen 1.8, the output format has
changed, so the old sed script was leaving man pages with two titles.
2014-08-03 02:25:47 +01:00
Mark Griffiths
7e3382340e Lexicon filter: fix 'if' and 'for' special cases 2014-08-03 02:22:23 +01:00
jianjun
87abcecca6 add command line string as $argv[1] for fish_title 2014-08-02 12:57:38 -07:00
Mark Griffiths
8ca88f14f7 Style fix for sub-line comments 2014-08-02 17:11:00 +01:00
Mark Griffiths
b4a4a7c611 Fixes lexicon filter pipes '|" 2014-08-02 17:10:28 +01:00
Kevin Stone
556680cf5e Update grunt.fish
Fixed command error when no local Gruntfile results in a command error.

Fixes #1592.
2014-08-02 00:04:26 -07:00
Mark Griffiths
f4077bd41f Merged in latest changes to docs and formatting tweaks
Addresses issue #1557 as well as fixing many typos, HTML errors and
inconsistencies. Also introduces automatic syntax colouring and enables
new documentation to be written in Markdown. TODO fix Tutorial.
2014-08-02 04:51:43 +01:00