More info for the README.

1 parent 298111a commit c30e83151e5d0a1d88872d4f7629643bdbb9f883 @notahat notahat committed Nov 8, 2010
Showing with 28 additions and 1 deletion.
  1. +28 −1 README.rdoc
@@ -2,6 +2,25 @@
Safe Shell lets you execute shell commands and get the resulting output, but without the security problems of Ruby's backtick operator.
+== Usage
+ gem install safe_shell
+ require 'safe_shell'
+ SafeShell.execute("echo", "Hello, world!")
+ # Send stdout and stderr to files:
+ SafeShell.execute("echo", "Hello, world!", :stdout => "output.txt", :stderr => "error.txt")
+SafeShell sets the $? operator to the process status, in the same way as the backtick operator.
+You can also use:
+ # Return true if the command returns a zero status:
+ SafeShell.execute?("echo", "Hello, world!")
+== Why?
If you use backticks to process a file supplied by a user, a carefully crafted filename could allow execution of an arbitrary command:
file = ";blah"
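Review bot: The added line "SafeShell sets the $? operator to the process status" misnames $?: it is a global variable, not an operator, so "SafeShell sets $? to the process status, in the same way as the backtick operator" would be accurate. The Usage section also never says why the command and each argument are given as separate strings, which is what the Why? example below depends on; one sentence on that, plus what execute returns when :stdout is sent to a file, would let readers use the API correctly without reading the source.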
@@ -14,7 +33,11 @@ Safe Shell solves this.
SafeShell.execute("echo", file)
=> ";blah\n"
-== Note on Patches/Pull Requests
+== Compatibility
+Tested with Ruby 1.8.7, but it should be happy on pretty much any Ruby version.
+== Developing
* Fork the project.
* Make your feature addition or bug fix.
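Review bot: In the new Compatibility section, "should be happy on pretty much any Ruby version" is an untested claim placed next to the one version that was tested (1.8.7). Suggest listing the versions actually run against and stating that others are untested, so users on a different interpreter know to verify the behaviour themselves. The rename of "Note on Patches/Pull Requests" to "Developing" reads fine.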
@@ -24,6 +47,10 @@ Safe Shell solves this.
(if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
* Send me a pull request. Bonus points for topic branches.
+== Status
+In use on a few big sites, so should be pretty solid. There's not much to it, so I'm not expecting there'll be many releases.
== Copyright
Copyright (c) 2010 Envato, Ian Leitch, & Pete Yandell. See LICENSE for details.
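Review bot: The new Status section's "In use on a few big sites, so should be pretty solid" gives readers nothing they can check; for a library whose stated purpose is avoiding a command-execution problem, pointing at the test suite or saying how to report a problem would be more useful than a usage claim. "I'm not expecting there'll be many releases" could also say whether fixes will still be released when they are needed.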
