Re: Bash not escaping escape sequences in directory names
From: L A Walsh
Subject: Re: Bash not escaping escape sequences in directory names
Date: Sat, 22 Jan 2022 15:10:46 -0800
User-agent: Thunderbird
On 2022/01/20 22:20, Lawrence Velázquez wrote:
> On Fri, Jan 21, 2022, at 12:22 AM, L A Walsh wrote:
>> On 2022/01/18 22:31, Alex fxmbsw7 Ratchev wrote
>>> Fix: [sanitizing the prompt].
>> Sanitizing? What's that?
>> Especially in a way that won't break existing legal usages?
> Curious what "existing legal usages" there are for allowing a change
> of working directory to result in arbitrary escape sequences being
> sent to your terminal.
----
Arbitrary? Are you asking me? I asked for a definition of "sanitary"
that wouldn't break existing legal usages. If path->prompt transformations
resulted in "random" escape sequences, I wouldn't find them very useful, but
whether or not my path transformations would fit your definition of
"sanitary" is another matter.
Someone gave an example of crafting a prompt that changed color (say to red)
so as to suggest a root prompt. Where does anyone get the idea that a
red-prompt = a root prompt? That's a recent _feature_ created by altering the
path prompt. My pathprompt code turns the path prompt red when it detects
UID==0. I could just as easily have it turn orange if your current
directory was based in "/sbin".
I also put my tty, username, host and my "spwd" in my tty's titlebar. That and
the color include tty-specific escape sequences to set color, set the
titlebar and to return from those settings. Those sequences are specific to
each terminal.
So I would ask which user-controlled prompts are "illegal" such that they
would be sanitized? The user controls their own prompt. What transformations
would you disallow that wouldn't trample on some user's choice of a prompt?
My current prompt *includes* the output of my 'spwd' function (and has for
several years). It is _included_ in the prompt. There is code in my prompt to
change its color, change the window title, and include the hostname among
other things:
----
/etc/local/bash_prompt.sh
#!/bin/bash -u
# vim=:SetNumberAndWidth
shopt -s expand_aliases
alias my='declare ' int='my -i ' array='my -a ' map='my -A '
setx() { trap unsetx EXIT; set -x; } ; unsetx() { set +x;}
################################################################################
# spwd
# - return a shortened path when displayed path
# would take up > 50% width of the screen
array _als=( "_e=echo -En" "ret=return" )
alias "${_als[@]}"
# dpf = string of print formats to use
# in printing out path-parts for prompt
# (eval'd in spwd to make array)
export __dpf__='local -a PF=(
"/$1/$2/$3/…/\${$[$#-1]}/\${$#}"
"/$1/$2/…/\${$[$#-1]}/\${$#}"
"/$1/…/\${$[$#-1]}/\${$#}"
"/$1/…/\${$#}"
"…/\${$#}"
"…" )'
spwd () { my _f_="" ;\
[[ ${_f_:=${-//[^x]/}} ]] && set +$_f_ ;\
(($#))|| { set "${PWD:=$(echo -En $( \
eval "{,{,/usr}/bin/}pwd 2>&-||:" ))}" ;\
(($#)) || ret 1; } ;\
int w=COLUMNS/2 ;\
( printf -v _p "%s" "$1" ; export IFS=/ ;\
set $_p; shift; unset IFS ;\
t="${_p#$_home_prefix}" ;\
int tl=${#t} ;\
if (($#<=6 && tl<w));then ((tl<=2)) && \
{ _e "$_p"; set -$_f_; ret 0; } ;\
else \
eval "$__dpf__"
Whether or not that fits your definition of "arbitrary" or
"sanitized" is based on your definitions.
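An added example, not part of the original message and not bash's own behavior: one possible meaning of "sanitizing" that leaves a user's chosen prompt sequences alone is to neutralize control bytes only in the directory name before it is placed in the prompt. The function names, the color sequences and the directory name below are constructed for illustration; C1 controls encoded as UTF-8 are assumed out of scope.

```shell
#!/bin/sh
# Added illustration: sanitize the directory name (data), not the prompt
# template the user wrote. All names and sample values are constructed.

ESC=$(printf '\033')
RED="${ESC}[31m"      # user-chosen color for a root prompt
RESET="${ESC}[0m"     # user-chosen "back to normal" sequence

# Replace every C0 control byte and DEL in $1 with '?', so a directory
# name cannot deliver ESC, BEL, CR, newline etc. to the terminal.
# Bytes >= 0x80 pass through unchanged, so UTF-8 names survive.
safe_path() {
    printf '%s' "$1" | LC_ALL=C tr '\000-\037\177' '[?*]'
}

# Build the prompt text for uid $1 in directory $2. Only the trusted
# template contributes escape sequences; the path goes through
# safe_path first.
build_prompt() {
    dir=$(safe_path "$2")
    if [ "$1" -eq 0 ]; then
        printf '%s%s%s# ' "$RED" "$dir" "$RESET"
    else
        printf '%s$ ' "$dir"
    fi
}

# Count ESC bytes in a string (used to check the result).
count_esc() {
    printf '%s' "$1" | LC_ALL=C tr -cd '\033' | wc -c | tr -d ' '
}

# Constructed directory name that tries to color an ordinary prompt red.
spoof_dir="/tmp/proj${ESC}[31mroot"

count_esc "$(build_prompt 1000 "$spoof_dir")"   # ESC bytes reaching a user prompt
count_esc "$(build_prompt 0 /root)"             # ESC bytes from the template only
```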