Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: Get cursor position (Was: [bug report] prompt can erase messages written on the terminal by background processes)

X-seq: zsh-workers 51186
From: Stephane Chazelas <stephane@xxxxxxxxxxxx>
To: Philippe Altherr <philippe.altherr@xxxxxxxxx>
Cc: zsh-workers@xxxxxxx, Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx>
Subject: Re: Get cursor position (Was: [bug report] prompt can erase messages written on the terminal by background processes)
Date: Sun, 11 Dec 2022 18:00:53 +0000
Archived-at: <https://zsh.org/workers/51186>
In-reply-to: <CAGdYchvNLkmDcPWRXrrmH6r7qZUt8PojXpVcZSagiRMDUVx9Wg@mail.gmail.com>
List-id: <zsh-workers.zsh.org>
Mail-followup-to: Philippe Altherr <philippe.altherr@xxxxxxxxx>, zsh-workers@xxxxxxx, Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx>
References: <9e3026aa-39a1-dd50-4d29-a64724d4eaaf@irit.fr> <CAN=4vMq2kc1cSV_0N-c6o32C3UR3hVSjE3mF+kV4pjcy7YR9=g@mail.gmail.com> <CAH+w=7aDn7SCv4Bao7ZQqtUaEv8EkvBXa15kM_nkF_GHLAcSFg@mail.gmail.com> <20221208082103.zg44mrv77jrizsaj@chazelas.org> <CAN=4vMrSO99rKMGhmO_yjtqYLUf+senu=Lhb=F47a9S6y8d7Hw@mail.gmail.com> <20221208100215.k2qcqdqgjlzwbdh7@chazelas.org> <CAH+w=7aUz2FFiUPn3tma__hW=pK05whjrU+_g9rBAnsDz_LMHA@mail.gmail.com> <CAGdYchvNLkmDcPWRXrrmH6r7qZUt8PojXpVcZSagiRMDUVx9Wg@mail.gmail.com>

2022-12-09 13:46:21 +0100, Philippe Altherr:
[...]
> assign() {
> >     print -v "$1" "$2"
> > }
[...]

Note that that "assign" function has a command injection
vulnerability.

Even more  so than for other  commands, -- (- also works) should
always be used for "print" to separate options from non-options
at least when the first non-option argument is not guaranteed
not to start with - or +.

Try for instance:

assign var '-va[1$(reboot)]'

So:

assign() print -rv "$1" -- "$2"

Or the Bourne-compatible:

assign() eval "$1=\$2"

Or POSIX:

assign() { eval "$1=\$2"; }

A bit ironic that people often go to great lengths to avoid
using "eval" but end up coming up with unsafe solutions.

-- 
Stephane

References:
- [bug report] prompt can erase messages written on the terminal by background processes
  - From: Millian Poquet
- Re: [bug report] prompt can erase messages written on the terminal by background processes
  - From: Roman Perepelitsa
- Re: [bug report] prompt can erase messages written on the terminal by background processes
  - From: Bart Schaefer
- Get cursor position (Was: [bug report] prompt can erase messages written on the terminal by background processes)
  - From: Stephane Chazelas
- Re: Get cursor position (Was: [bug report] prompt can erase messages written on the terminal by background processes)
  - From: Roman Perepelitsa
- Re: Get cursor position (Was: [bug report] prompt can erase messages written on the terminal by background processes)
  - From: Stephane Chazelas
- Re: Get cursor position (Was: [bug report] prompt can erase messages written on the terminal by background processes)
  - From: Bart Schaefer
- Re: Get cursor position (Was: [bug report] prompt can erase messages written on the terminal by background processes)
  - From: Philippe Altherr

Messages sorted by: Reverse Date, Date, Thread, Author