fix(man,info): suppress unexpected code execution

In the original codes, we called `eval ls $list` where $list contains
a string from $cur.  This would execute command substitutions in the
command line such as '$(echo hello >/dev/tty)'.  We want to avoid
eval'ing the string from the command line.  Also, this does not work
when the filenames or directory names contain white spaces or
newlines.

In this patch, we instead perform the pathname expansions built in
Bash through the utility `_comp_expand_glob`.

Note: In the original code, when $cur is empty, we made `ls' to expand
the content of the directory.  Now, we use the pathname expansions so
need to add `*' at the end of the pattern even with an empty $cur.

Note: The reason that the original code used `ls` seems to be to
select only the paths with existing files.  This is effectively
replaced by `shopt -s nullglob` set inside `_comp_expand_glob` in the
new code.

Author: akinomyoga

completions/info

@@ -49,26 +49,26 @@ _info()
         infopath=$INFOPATH
     fi
 
-    infopath=$infopath:
-    if [[ $cur ]]; then
-        infopath="${infopath//://$cur* }"
-    else
-        infopath="${infopath//:// }"
-    fi
-
-    # redirect stderr for when path doesn't exist
-    COMPREPLY=($(eval command ls "$infopath" 2>/dev/null))
-    # weed out directory path names and paths to info pages
-    COMPREPLY=(${COMPREPLY[@]##*/?(:)})
-    # weed out info dir file
-    for i in ${!COMPREPLY[*]}; do
-        [[ ${COMPREPLY[i]} == dir ]] && unset -v 'COMPREPLY[i]'
-    done
-    # strip suffix from info pages
-    COMPREPLY=(${COMPREPLY[@]%.@(gz|bz2|xz|lzma)})
-    ((${#COMPREPLY[@]})) &&
-        COMPREPLY=($(compgen -W '"${COMPREPLY[@]%.*}"' -- "${cur//\\\\/}"))
+    _comp_split -F : infopath "$infopath"
+    if ((${#infopath[@]})); then
+        infopath=("${infopath[@]/%//$cur*}")
+        local IFS=
+        _comp_expand_glob COMPREPLY '${infopath[@]}'
+        _comp_unlocal IFS
 
+        if ((${#COMPREPLY[@]})); then
+            # weed out directory path names and paths to info pages
+            COMPREPLY=(${COMPREPLY[@]##*/?(:)})
+            # weed out info dir file
+            for i in ${!COMPREPLY[*]}; do
+                [[ ${COMPREPLY[i]} == dir ]] && unset -v 'COMPREPLY[i]'
+            done
+            # strip suffix from info pages
+            COMPREPLY=(${COMPREPLY[@]%.@(gz|bz2|xz|lzma)})
+            ((${#COMPREPLY[@]})) &&
+                COMPREPLY=($(compgen -W '"${COMPREPLY[@]%.*}"' -- "${cur//\\\\/}"))
+        fi
+    fi
 } &&
     complete -F _info info pinfo
 

completions/man

@@ -77,27 +77,22 @@ _man()
     # shellcheck disable=SC2053
     [[ $prev == $mansect ]] && sect=$prev || sect='*'
 
-    manpath=$manpath:
-    if [[ $cur ]]; then
-        manpath="${manpath//://*man$sect/$cur* } ${manpath//://*cat$sect/$cur* }"
-    else
-        manpath="${manpath//://*man$sect/ } ${manpath//://*cat$sect/ }"
-    fi
-
-    local IFS=$' \t\n' reset=$(shopt -p failglob)
-    shopt -u failglob
-    # redirect stderr for when path doesn't exist
-    COMPREPLY=($(eval command ls "$manpath" 2>/dev/null))
-    $reset
+    _comp_split -F : manpath "$manpath"
+    if ((${#manpath[@]})); then
+        manpath=("${manpath[@]/%//*man$sect/$cur*}" "${manpath[@]/%//*cat$sect/$cur*}")
+        local IFS=
+        _comp_expand_glob COMPREPLY '${manpath[@]}'
+        _comp_unlocal IFS
 
-    if ((${#COMPREPLY[@]} != 0)); then
-        # weed out directory path names and paths to man pages
-        COMPREPLY=(${COMPREPLY[@]##*/?(:)})
-        # strip suffix from man pages
-        ((${#COMPREPLY[@]})) &&
-            COMPREPLY=(${COMPREPLY[@]%$comprsuffix})
-        ((${#COMPREPLY[@]})) &&
-            COMPREPLY=($(compgen -W '"${COMPREPLY[@]%.*}"' -- "${cur//\\\\/}"))
+        if ((${#COMPREPLY[@]} != 0)); then
+            # weed out directory path names and paths to man pages
+            COMPREPLY=(${COMPREPLY[@]##*/?(:)})
+            # strip suffix from man pages
+            ((${#COMPREPLY[@]})) &&
+                COMPREPLY=(${COMPREPLY[@]%$comprsuffix})
+            ((${#COMPREPLY[@]})) &&
+                COMPREPLY=($(compgen -W '"${COMPREPLY[@]%.*}"' -- "${cur//\\\\/}"))
+        fi
     fi
 
     # shellcheck disable=SC2053