From 988755057d271e437be654f22c6ad3beb16b8900 Mon Sep 17 00:00:00 2001
From: Dylan Araps <dylan.araps@gmail.com>
Date: Sat, 30 Nov 2019 15:05:50 +0000
Subject: [PATCH] pash: be more explicit about glob disable

---
 pash | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/pash b/pash
index ff072e9..0a6c977 100755
--- a/pash
+++ b/pash
@@ -1,4 +1,4 @@
-#!/bin/sh -f
+#!/bin/sh
 #
 # pash - simple password manager.
 
@@ -204,10 +204,6 @@ main() {
     # state on exit or Ctrl+C.
     trap 'stty echo icanon' INT EXIT
 
-    # Ensure that debug mode is never enabled to
-    # prevent the password from leaking.
-    set +x
-
     case $1 in
         a*) pw_add  "$2" ;;
         c*) pw_copy "$2" ;;
@@ -219,4 +215,12 @@ main() {
     esac
 }
 
+# Ensure that debug mode is never enabled to
+# prevent the password from leaking.
+set +x
+
+# Ensure that globbing is globally disabled
+# to avoid insecurities with word-splitting.
+set -f
+
 main "$@"