Use File.read instead of Kernel.open

To avoid command injection with | strings
inukshuk · Jan 17, 2020 · 14406f4 · 14406f4
1 parent 707b930
commit 14406f4
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/bibtex/bibliography.rb b/lib/bibtex/bibliography.rb
@@ -47,7 +47,7 @@ class << self
       # -:filter: convert all entries using the sepcified filter (not set by default)
       #
       def open(path, options = {})
-        b = parse(Kernel.open(path, 'r:UTF-8').read, options)
+        b = parse(File.read(path), options)
         b.path = path
         return b unless block_given?