From 7d620c6577cfc2503ce7eb112112e97e3423c1f0 Mon Sep 17 00:00:00 2001
From: marcelsafin <179933638+marcelsafin@users.noreply.github.com>
Date: Thu, 23 Apr 2026 16:26:32 +0200
Subject: [PATCH] fix(uninstaller): use -- to prevent option injection on rm/mv

OMZ_DIR is derived from user-controlled environment variables ($ZSH,
$ZDOTDIR). If a value begins with -, rm/mv could interpret it as an
option flag. Using -- terminates option parsing per POSIX.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 tools/uninstall.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/uninstall.sh b/tools/uninstall.sh
index 038c40cb2..1dc290eda 100644
--- a/tools/uninstall.sh
+++ b/tools/uninstall.sh
@@ -61,20 +61,20 @@ fi
 
 echo "Removing $OMZ_DIR"
 if [ -d "$OMZ_DIR" ]; then
-  rm -rf "$OMZ_DIR"
+  rm -rf -- "$OMZ_DIR"
 fi
 
 if [ -e "$zdot/.zshrc" ]; then
   ZSHRC_SAVE="$zdot/.zshrc.omz-uninstalled-$(date +%Y-%m-%d_%H-%M-%S)"
   echo "Found $zdot/.zshrc -- Renaming to ${ZSHRC_SAVE}"
-  mv "$zdot/.zshrc" "${ZSHRC_SAVE}"
+  mv -- "$zdot/.zshrc" "${ZSHRC_SAVE}"
 fi
 
 echo "Looking for original zsh config..."
 ZSHRC_ORIG="$zdot/.zshrc.pre-oh-my-zsh"
 if [ -e "$ZSHRC_ORIG" ]; then
   echo "Found $ZSHRC_ORIG -- Restoring to $zdot/.zshrc"
-  mv "$ZSHRC_ORIG" "$zdot/.zshrc"
+  mv -- "$ZSHRC_ORIG" "$zdot/.zshrc"
   echo "Your original zsh config was restored."
 else
   echo "No original zsh config found"