Dollar sign in variable value may cause part of the command to be repeated in the variable value

[Taitava]

Problematic symbol pairs

If a {{variable}} gives a value that contains one of the following...:

• $$: ... then the two dollars will be reduced to a single dollar: $.
• $&: ... then $& will be replaced by the variable usage, e.g. $& becomes something like {{variable_name:argument}}.
• $`: ... will be replaced by whatever the shell command happens to contain before the variable. (Repetition).
• $': ... will be replaced by whatever the shell command happens to contain after the variable. (Repetition).
• $n, where n is a number: is not actually replaced by anything, but has a theoretical risk of being replaced by something.
• $<name>, where <name> is a string, is not actually replaced by anything, but has a theoretical risk, too. (Source for the list of these symbol pairs)

Only in variable values

I need to epmhasize that this bug occurs when one of the above symbol pairs occurs in a value returned by a variable. E.g. if you have $& in your clipboard and you use a shell command like echo {{clipboard}}, the bug will happen. However, if your clipboard doesn't contain $&, but your shell command does have it outside of a variable, e.g. echo "$&" {{cliboard}}, then the bug will not happen, because $& will not be part of variable parsing.

An example command to demonstrate the problem

a) Say that you have the following:

• A shell command like echo "{{clipboard}}"
• You clipboard contains the following text: This is a sentence that has some $& special characters in it.
• The result how the command will look like when executed: echo "This is a sentence that has some {{cliboard}} special characters in it."

b) Say that you have the following:

• A shell command like echo "{{clipboard}}"
• You clipboard contains the following text: This is a sentence that has some $` special characters in it.
• The result how the command will look like when executed: echo "This is a sentence that has some echo " special characters in it."

The latter is even more dangerous as it has theoretical risk of repeating a command (echo in this case, which is not so dangerous, but some other command might be). Here's a screenshot of the latter example: (SC version 0.6.0)

Affected versions

I've tested this in 0.6.0 and the still in-development 0.7.0 and the bug happens on both of them. I have all reasons to think that this bug affects all versions of SC that support variables, which mean all versions between 0.1.0 - 0.6.0.

0.7.0 will have a fix for this, but I'll also release a patch version 0.6.1 just for this fix. 0.6.1 will be released sooner than 0.7.0.

[Taitava]

Here is the cause of the bug: https://github.com/Taitava/obsidian-shellcommands/blob/83504bc250025a89c93665201caf48865ddd01f3/src/variables/parseShellCommandVariables.ts#L70 Here .replace() applies the above list of things to variable_value. I need to replace variable_value with a function that returns variable_value. Kind of foolish, but it prevents JavaScript from doing this kind of replacing.