Started on the README.

commit 67c40ce9f286ce2e6f0d2a6ff11d4b52f9ad9ca0 1 parent c2b62f3
Pete Yandell notahat authored

Showing 2 changed files with 16 additions and 4 deletions.

  1. +1 1  LICENSE
  2. +15 3 README.rdoc
2  LICENSE
... ... @@ -1,4 +1,4 @@
1   -Copyright (c) 2009 Pete Yandell
  1 +Copyright (c) 2010 Envato, Ian Leitch, & Pete Yandell.
2 2
3 3 Permission is hereby granted, free of charge, to any person obtaining
4 4 a copy of this software and associated documentation files (the
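Review bot: The new copyright line in LICENSE replaces the year 2009 with 2010 in the same change that adds Envato and Ian Leitch as holders, so the earlier year is dropped. If any of the code dates from 2009, keep the first year as a range, for example "Copyright (c) 2009-2010 Envato, Ian Leitch, & Pete Yandell."; if 2010 is intended, mention it in the commit message, since "Started on the README." does not cover a licence change.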
18 README.rdoc
... ... @@ -1,6 +1,18 @@
1   -= safe_shell
  1 += Safe Shell
2 2
3   -Description goes here.
  3 +Safe Shell lets you execute shell commands and get the resulting output, but without the security problems of Ruby's backtick operator.
  4 +
  5 +If you use backticks to process a file supplied by a user, a carefully crafted filename could allow execution of an arbitrary command:
  6 +
  7 + file = ";blah"
  8 + `echo #{file}`
  9 + sh: blah: command not found
  10 + => "\n"
  11 +
  12 +Safe Shell solves this.
  13 +
  14 + SafeShell.execute("echo", file)
  15 + => ";blah\n"
4 16
5 17 == Note on Patches/Pull Requests
6 18
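Review bot: "Safe Shell solves this." (new README line 12) does not say what Safe Shell guarantees, so a reader cannot tell which inputs are safe to pass. Add a sentence stating how the arguments after the command name are handled (the `";blah\n"` result suggests each one reaches the program as a single literal argument with no shell interpretation) and what remains the caller's responsibility, such as the command name itself or user-supplied values that begin with "-". The backtick example at new lines 7 to 10 also puts the Ruby input, the shell's stderr line and the return value in one literal block; irb-style prompts or a short comment on the output lines would show that only the first two lines are typed.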
@@ -14,4 +26,4 @@ Description goes here.
14 26
15 27 == Copyright
16 28
17   -Copyright (c) 2010 Pete Yandell. See LICENSE for details.
  29 +Copyright (c) 2010 Envato, Ian Leitch, & Pete Yandell. See LICENSE for details.

0 comments on commit 67c40ce
