Closed Taitava closed 2 years ago
Here is the cause of the bug:
https://github.com/Taitava/obsidian-shellcommands/blob/83504bc250025a89c93665201caf48865ddd01f3/src/variables/parseShellCommandVariables.ts#L70
Here .replace()
applies the above list of things to variable_value
. I need to replace variable_value
with a function that returns variable_value
. Kind of foolish, but it prevents JavaScript from doing this kind of replacing.
Problematic symbol pairs
If a
{{variable}}
gives a value that contains one of the following...:$$
: ... then the two dollars will be reduced to a single dollar:$
.$&
: ... then$&
will be replaced by the variable usage, e.g.$&
becomes something like{{variable_name:argument}}
.$'
: ... will be replaced by whatever the shell command happens to contain after the variable. (Repetition).$n
, where n is a number: is not actually replaced by anything, but has a theoretical risk of being replaced by something.$<name>
, where<name>
is a string, is not actually replaced by anything, but has a theoretical risk, too. (Source for the list of these symbol pairs)Only in variable values
I need to epmhasize that this bug occurs when one of the above symbol pairs occurs in a value returned by a variable. E.g. if you have
$&
in your clipboard and you use a shell command likeecho {{clipboard}}
, the bug will happen. However, if your clipboard doesn't contain$&
, but your shell command does have it outside of a variable, e.g.echo "$&" {{cliboard}}
, then the bug will not happen, because$&
will not be part of variable parsing.An example command to demonstrate the problem
a) Say that you have the following:
echo "{{clipboard}}"
This is a sentence that has some $& special characters in it.
echo "This is a sentence that has some {{cliboard}} special characters in it."
b) Say that you have the following:
echo "{{clipboard}}"
This is a sentence that has some $` special characters in it.
echo "This is a sentence that has some echo " special characters in it."
The latter is even more dangerous as it has theoretical risk of repeating a command (
echo
in this case, which is not so dangerous, but some other command might be). Here's a screenshot of the latter example: (SC version 0.6.0)Affected versions
I've tested this in
0.6.0
and the still in-development0.7.0
and the bug happens on both of them. I have all reasons to think that this bug affects all versions of SC that support variables, which mean all versions between0.1.0
-0.6.0
.0.7.0
will have a fix for this, but I'll also release a patch version0.6.1
just for this fix.0.6.1
will be released sooner than0.7.0
.