fix: address PR review comments

- Add nonce parameter to terminal navigation to allow reopening same worktree multiple times - Fix shell path escaping in editor.ts using single-quote wrapper - Add validatePathParams middleware to open-in-external-terminal route - Remove redundant validation block from createOpenInExternalTerminalHandler - Remove unused pendingTerminal state and setPendingTerminal action - Remove unused getTerminalInfo function from editor.ts
2026-02-02 20:43:36 +00:00 · 2026-01-17 23:09:23 +01:00
parent 111eb24856
commit 9529afbbaa
7 changed files with 36 additions and 81 deletions
--- a/libs/platform/src/editor.ts
+++ b/libs/platform/src/editor.ts
@@ -19,6 +19,15 @@ const execFileAsync = promisify(execFile);
 const isWindows = process.platform === 'win32';
 const isMac = process.platform === 'darwin';

+/**
+ * Escape a string for safe use in shell commands
+ * Handles paths with spaces, special characters, etc.
+ */
+function escapeShellArg(arg: string): string {
+  // Escape single quotes by ending the quoted string, adding escaped quote, and starting new quoted string
+  return `'${arg.replace(/'/g, "'\\''")}'`;
+}
+
 // Cache with TTL for editor detection
 let cachedEditors: EditorInfo[] | null = null;
 let cacheTimestamp: number = 0;
@@ -342,34 +351,6 @@ export async function openInFileManager(targetPath: string): Promise<{ editorNam
  return { editorName: fileManager.name };
 }

-/**
- * Get the platform-specific terminal information
- */
-function getTerminalInfo(): { name: string; command: string; args: string[] } {
-  if (isMac) {
-    // On macOS, use Terminal.app with AppleScript to open in a specific directory
-    return {
-      name: 'Terminal',
-      command: 'open',
-      args: ['-a', 'Terminal'],
-    };
-  } else if (isWindows) {
-    // On Windows, use Windows Terminal if available, otherwise cmd
-    return {
-      name: 'Windows Terminal',
-      command: 'wt',
-      args: ['-d'],
-    };
-  } else {
-    // On Linux, try common terminal emulators in order of preference
-    return {
-      name: 'Terminal',
-      command: 'x-terminal-emulator',
-      args: ['--working-directory'],
-    };
-  }
-}
-
 /**
 * Open a terminal in the specified directory
 *
@@ -386,7 +367,7 @@ export async function openInTerminal(targetPath: string): Promise<{ terminalName
    // Use AppleScript to open Terminal.app in the specified directory
    const script = `
      tell application "Terminal"
-        do script "cd ${targetPath.replace(/"/g, '\\"').replace(/\$/g, '\\$')}"
+        do script "cd ${escapeShellArg(targetPath)}"
        activate
      end tell
    `;