search

theleagueof / fontship

A font development toolkit and collaborative work flow.
GNU General Public License v3.0
98 stars 7 forks source link

fix(cli): Don’t use backticks to unbreak zsh compdef #108

Closed d125q closed 4 years ago

d125q commented 4 years ago

Currently, the generated zsh compdef contains something along the lines of

(( $+functions[_fontship_commands] )) ||
_fontship_commands() {
    local commands; commands=(
        "make:Build specified target(s) with `make`" \
"setup:Configure a font project repository" \
"status:Show status information about setup, configuration, and build state" \
"help:Prints this message or the help of the given subcommand(s)" \
    )
    _describe -t commands 'fontship commands' commands "$@"
}

I.e., it performs command substitution on ‘make’, which in the best case fails with something along the lines of “make: *** No targets specified and no makefile found. Stop.” and in the worst case ends up running ‘make’ for you.

This issue should probably be brought up to clap-rs/clap so that it is made to use single quotes instead of double quotes and escape everything correctly.

For now, this commit fixes the issue by using “smart quotes” instead of backticks.

alerque commented 4 years ago

Wow good catch. Yes this is something that should be reported is reported upstream in Clap, it shouldn't be generating dangerous executable code!