Permalink
Browse files

Fixed a small security hole on Account.register

  • Loading branch information...
1 parent 4127575 commit 55b0a4e8ad56ded8cc51182cb326c70e1923b080 @danopia committed Jan 31, 2010
Showing with 2 additions and 1 deletion.
  1. +2 −1 account.rb
View
@@ -1,11 +1,12 @@
require 'ldap'
+require 'escape'
module BitServ
class Account
attr_accessor :entry
def self.register username, password, attrs
- attrs[:userPassword] = `slappasswd -s #{password}`.chomp
+ attrs[:userPassword] = `slappasswd -s #{Escape.shell_command password}`.chomp # TODO
attrs[:objectclass] = ['x-bit-ircUser', 'top']
attrs[:cn] ||= username
attrs[:uid] ||= username

0 comments on commit 55b0a4e

Please sign in to comment.