- Require all requests to use a session path.
- Use a redirect file to avoid exposing the '/start' URL on the
command line, as it contains the cookie value.
Fix for CVE-2014-2914.
Closes #1438.
Currently fish doesn't recognize toor as special. However, it's likely
that on BSD systems, fish shell will be used on toor, not on root (toor
is an intentionally existing account to use more advanced shell on, like
shell).
Use `functions -q` instead of searching the `functions -na` list for the
provided word. This may result in an automatically-loaded function being
sourced, but that happens anyway with the default output.
This change means the results of `test -q foo` can be relied upon to
indicate whether `foo` can actually be invoked. Previously, if `foo` was
the name of an automatically-loaded function file but did not actually
define a function `foo`, and there was no executable `foo`, then `type -q
foo` would lie and say `foo` can be invoked when it can't.
The --quiet flag is useful when only the exit status matters.
Fix the documentation for the -t flag to no longer claim that `type` can
print "keyword", as it never does that.
Stop printing a blank line for functions/builtins when the -p flag has
been passed. It's just not useful.
Track whether -a and -f have been supplied separately. That way both
`type -a -f command` and `type -f -a command` behave correctly, as does
`type -a -f foo` where there are multiple executables named `foo` in the
$PATH.
Stop using getopt to parse flags. It's far more expensive than
necessary, and results in long flags not being parsed on OS X. This also
allows args starting with - after the options list to be properly
interpreted as a value to test.
Print the error message to stderr as is appropriate.
Use the new `command -p` functionality when the -a flag has not been
provided (`command` does not have any equivalent to the -a flag),
instead of using `which`. This is faster and also avoids any possible
disagreement between `which` and what fish thinks is valid.
Stop testing every path to see if it's executable, that test has already
been done by `which` or `command -p`.
The end result is `type -P ls` is roughly 250% faster, according to
profiling, on my OS X machine.
* use $XDG_CACHE_HOME for __fish_print_packages completion caches
* when starting fishd, redirect fishd output to /dev/null, not a
predictable path
Fix for CVE-2014-3219.
Closes #1440.
When you chroot in Debian, bash shows the chroot environment in the prompt:
```bash
...
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
    debian_chroot=$(cat /etc/debian_chroot)
fi
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
...
```
This is the effect:
```
(chroot_env) user@host:~#
```
It is useful when chrooting, since usually the hostname remains the same and thus you can't distinguish where you are.
Fix for CVE-2014-2906.
Closes a race condition in funced which would allow execution of
arbitrary code; closes a race condition in psub which would allow
alteration of the data stream.
Note that `psub -f` does not work (#1040); a fix should be committed
separately for ease of maintenance.
Closes #1437
The if statement checking the output of hg bookmarks uses two conditions
joined by the or keyword. However, only the first part was being used.
Wrapping the two statements with begin and end properly combines them.
At some point the non-verbose, non-informative variant of the prompt
(e.g. the variant that looks like the bash prompt) was modified to try
and show the behind/ahead counts the same way the informative prompt
does. Besides being wrong, it also didn't work because behind/ahead
weren't defined.
Before this change, fish config used 0 as its address. However, this
isn't a good idea from a security point of view, as the web service can be
accessed from everywhere, and do anything on the account it was run on.
This also deals with firewalls which block the access to 0 even from
the host machine itself. It possibly might fix #673, but I'm not sure.
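
The two web-configuration fixes described in the commit messages above (a session path required on every request, with a redirect file so the secret URL never appears on a command line, and not listening on address 0) can be sketched together as follows. This is an added example, not fish's own code: `SESSION`, `path_allowed`, `write_redirect_file` and `serve` are hypothetical names, and binding to 127.0.0.1 is an assumption about the replacement address.

```python
# Added illustration, not fish's webconfig code; all names are hypothetical.
import hmac
import os
import secrets
import tempfile
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSION = secrets.token_hex(16)  # per-run secret, never placed on a command line


def path_allowed(path, session=None):
    """True only when the first path segment is the session token."""
    session = SESSION if session is None else session
    first = path.lstrip("/").split("/", 1)[0]
    # Constant-time compare so timing does not reveal the token.
    return hmac.compare_digest(first.encode(), session.encode())


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        if not path_allowed(self.path):
            self.send_error(403)  # other local users cannot guess the path
            return
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"ok\n")


def write_redirect_file(url):
    """Write a 0600 HTML file that redirects to url; return its path."""
    # mkstemp uses O_EXCL, mode 0600 and an unpredictable name.
    fd, name = tempfile.mkstemp(prefix="web_config-", suffix=".html")
    with os.fdopen(fd, "w") as f:
        f.write('<meta http-equiv="refresh" content="0;URL=%s">\n' % url)
    return name


def serve():
    httpd = HTTPServer(("127.0.0.1", 0), Handler)  # loopback only (assumption)
    url = "http://127.0.0.1:%d/%s/" % (httpd.server_port, SESSION)
    redirect = write_redirect_file(url)
    # A browser launcher gets file://<redirect>, so `ps` shows a file path
    # rather than the URL that carries the secret.
    print("open file://" + redirect)
    try:
        httpd.serve_forever()
    finally:
        os.unlink(redirect)


if __name__ == "__main__":
    serve()
```
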
Previously, fish's command_not_found handler would be installed in
__fish_config_interactive. Errors that occurred early in startup (e.g. in
config.fish) or in non-interactive mode would therefore not be reported.
With this change, fish now exposes its default cnf handler as
__fish_default_command_not_found_handler. config.fish then installs a
cnfh that invokes the default. When fish goes interactive, the initial
cnfh is overwritten with a fancier one, that may in turn fall back to
invoking the default.
commit d81ae2665f
Author: Max Gonzih <gonzih@gmail.com>
Date: Sun Feb 2 16:22:18 2014 +0300
Check for command-not-found command on suse
commit 004b794c82
Author: Max Gonzih <gonzih@gmail.com>
Date: Sun Feb 2 14:04:41 2014 +0300
Fix cnf handler for Suse and Fedora
fixes #1208
Presently, `isatty` only works on a handful of keywords. Here it
is rewritten to be able to take any path, device or fd number as
an argument, and eliminates errors printed to stdout.
Per discussion in #1228, using `builtin test -c` within a pipe to
test special file descriptors is not viable, so this implementation
specifically uses `command test`. Additionally, a note has been
added to the documentation of `test` regarding this potential
aberration from the expected output of the test utility under the
'Standards' section.
Comment out 'o' binding
Add '['/']' bindings to navigate current token history
Fix 'P' to paste indeed
Add "*P/"*p to insert current selection clipboard using xsel