9 Commits

Author SHA1 Message Date
Jason A. Donenfeld
7ea35f9f8e syntax-highlighting.sh: Fix command injection.
By not quoting the argument, an attacker with the ability to add files
to the repository could pass arbitrary arguments to the highlight
command, in particular, the --plug-in argument which can lead to
arbitrary command execution.

This patch adds simple argument quoting.
2012-10-27 20:05:50 -06:00
Ferry Huberts
d14faf4424 syntax-highlight: when the file has no extension, assume text
There are 2 situations:
1- empty extension: assuming text is better than highlight
   producing no output because of a missing argument.
2- no extension at all: assuming text is better than setting
   the extension to the filename, which is what now happens.

Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
2012-10-09 13:19:12 +02:00
Ferry Huberts
2ad9063cb5 Revert "filters/syntax-highlighting.sh: work around highlight --force bug"
This reverts commit f50be7fda0a7ab57009169dd5905fcbab8eb5166.

An update with the latest highlight landed in EPEL. This new version
doesn't have the --force bug, so the workaround can now be removed.

Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
2012-10-09 13:12:09 +02:00
Lars Hjemli
08352c7a02 Merge branch 'stable' 2012-03-18 20:23:30 +00:00
Ferry Huberts
f50be7fda0 filters/syntax-highlighting.sh: work around highlight --force bug 2012-03-18 20:12:36 +00:00
Ferry Huberts
375353caff filters/highlight.sh: manually support highlight version 2 and 3 2012-03-18 20:12:35 +00:00
Ferry Huberts
b2cf630a4b filters: document environment variables in filter scripts
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26 11:03:42 +01:00
Georg Lukas
56522ebe13 syntax highlighting for all formats supported by "highlight"
The highlight tool can be given any of the supported file extensions
as its -S parameter. This patch replaces the case-switch by extracting
the extension from the supplied file name and passing it to highlight.
However, this requires a shell supporting the ${var##pattern} syntax,
like dash or bash.

Unknown extensions cause a fall-back to plain text using the --force
switch. Error messages are redirected to /dev/null.

A special case maps Makefile and Makefile.* to the "mk" extension.

The total overhead is reduced by calling "exec highlight". No forks are
needed during script execution.

Signed-off-by: Georg Lukas <georg@op-co.de>
2009-11-19 12:14:45 +01:00
Lars Hjemli
e6cd7121ed Add some example filter scripts
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2009-08-09 14:56:23 +02:00