From 626991abc89a86ff1ea851b4ccae6801b323223c Mon Sep 17 00:00:00 2001
From: Tim Allen <screwtape@froup.com>
Date: Thu, 6 Oct 2016 19:09:53 +1100
Subject: Don't use repeated shell evaluation in vis-complete.

Previously, vis-complete built up a command-line by repeated subtitution
into a shell variable, then executing that shell variable in a subshell.
I'm not entirely sure what shell-meta-character mischief would have been
possible, but now we just do all the piping in the same shell which is
much safer.
---
 vis-complete | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

(limited to 'vis-complete')

diff --git a/vis-complete b/vis-complete
index 3a2d97b..278bf40 100755
--- a/vis-complete
+++ b/vis-complete
@@ -25,16 +25,8 @@ while [ $# -gt 0 ]; do
 	esac
 done
 
-PATTERN="$(echo "$PATTERN" | sed "s/'/'\\\\''/g")"
-
 if [ $COMPLETE_WORD = 1 ]; then
-	CMD=$(printf "tr -cs '[:alnum:]_' '\n' | grep '^%s.' | sort -u" "$PATTERN")
+	tr -cs '[:alnum:]_' '\n' | grep "^$PATTERN." | sort -u
 else
-	CMD=$(printf "find . ! -path '*/\.*' -a -path './%s*' 2>/dev/null | head -n $FIND_FILE_LIMIT | cut -b 3- | sort" "$PATTERN")
-fi
-
-PATTERN="$(echo "$PATTERN" | sed 's:/:\\/:g')"
-
-CMD=$(printf "$CMD | vis-menu -b | sed 's/^%s//' | tr -d '\n'" "$PATTERN")
-
-exec /bin/sh -c "$CMD"
+	find . ! -path '*/\.*' -a -path "./$PATTERN*" 2>/dev/null | head -n $FIND_FILE_LIMIT | cut -b 3- | sort
+fi | vis-menu -b | sed "s/^$(printf "%s" "$PATTERN" | sed 's:/:\\/:g' )//" | tr -d '\n'
-- 
cgit v1.2.3