
Are command arguments sanitized? #36

TrevorBurnham opened this Issue · 1 comment

2 participants


If I do the following:

input = getStringFromUser();
client = require('lib/redis-client').createClient();

will the person giving me the input be able to do something nasty, i.e. execute commands other than GET? It would be nice if the documentation said something definitive on this point.


If at all, then inside of multi/exec which is only available in forks. However I doubt even that, because Redis does not accept multiple commands in one buffered request. (multi/exec are actually a bunch of requests for each part, including multi and exec.)
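An added example, not code from this library or from either commenter: it shows how request framing decides the answer to the question in this issue. It assumes the client sends Redis's length-prefixed multi-bulk request format (the page does not say which format the library uses); the function names and the sample input are constructed for illustration.

```javascript
// Constructed input standing in for getStringFromUser(): a key with an embedded CRLF.
const SAMPLE_INPUT = 'foo\r\nPING';

// Unsafe framing: the argument is spliced into a newline-terminated inline command.
function encodeInline(command, arg) {
  return Buffer.from(command + ' ' + arg + '\r\n');
}

// Safe framing: Redis multi-bulk request, every argument prefixed with its byte length.
function encodeMultiBulk(args) {
  const parts = [Buffer.from('*' + args.length + '\r\n')];
  for (const a of args) {
    const body = Buffer.from(String(a), 'utf8');
    parts.push(Buffer.from('$' + body.length + '\r\n'), body, Buffer.from('\r\n'));
  }
  return Buffer.concat(parts);
}

// Minimal server-side view: the list of commands a byte stream decodes to.
function parseRequests(buf) {
  const commands = [];
  let pos = 0;
  const readLine = () => {
    const end = buf.indexOf('\r\n', pos);
    if (end === -1) throw new Error('truncated request');
    const line = buf.toString('utf8', pos, end);
    pos = end + 2;
    return line;
  };
  while (pos < buf.length) {
    const line = readLine();
    if (line[0] !== '*') {              // inline command: one command per line
      commands.push(line.split(' '));
      continue;
    }
    const argv = [];
    for (let n = parseInt(line.slice(1), 10); n > 0; n--) {
      const len = parseInt(readLine().slice(1), 10);
      argv.push(buf.toString('utf8', pos, pos + len)); // exactly len bytes, CRLF and all
      pos += len + 2;                                   // skip the CRLF after the body
    }
    commands.push(argv);
  }
  return commands;
}

console.log(parseRequests(encodeInline('GET', SAMPLE_INPUT)));
console.log(parseRequests(encodeMultiBulk(['GET', SAMPLE_INPUT])));
```

With length-prefixed framing the user's string can only ever be the key of the GET; no separate quoting or escaping step is involved.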
