
Using backticks instead of %x.

1 parent f9f807b commit 47d507b3e3a6d81760db4b8c7a1ed2d4cd6d91a7 @jnunemaker committed Mar 6, 2010
Showing with 1 addition and 1 deletion.
  1. +1 −1 lib/wand.rb
@@ -3,7 +3,7 @@
module Wand
def self.wave(path)
type = MIME::Types.type_for(path)[0].to_s
- type = %x[#{executable} --mime --brief #{path}].split(';')[0] if type.nil? || type == ''
+ type = `#{executable} --mime --brief #{path}`.split(';')[0] if type.nil? || type == ''
type = nil if type =~ /cannot\sopen/
type
end
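Review bot: `#{path}` on the changed line is still interpolated raw into a shell command string. Backticks and `%x[]` both hand the string to the shell, so this swap leaves that exposure unchanged: a path containing spaces or shell metacharacters is split or interpreted by the shell before `#{executable}` ever sees it. Escape it with `Shellwords.escape(path)`, or skip the shell by passing an argument array such as `IO.popen([executable, '--mime', '--brief', path])` (assuming `executable` is a bare program path), and document on `Wand.wave` whether callers may pass untrusted paths. Separately, `MIME::Types.type_for(path)[0].to_s` always returns a String, so the `type.nil?` half of the condition can never be true and can be dropped.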

1 comment on commit 47d507b

@EmmanuelOga

"Never use this when path/filename is user input as there is no escaping."

I'm thinking shellwords should suffice to escape the path?

require 'shellwords'
type = `#{executable} --mime --brief #{path.shellescape}`.split(';')[0] if type.nil? || type == ''

And a little test:

emmanuel ~/temp/temp
▸ touch test
emmanuel ~/temp/temp
▸ ll
-rw-r--r-- 1 emmanuel 0 Mar  8 21:32 test
emmanuel ~/temp/temp
▸ irb
irb(main):001:0> require 'shellwords'
irb(main):002:0> `file #{ "rm *".shellescape }` 
=> "rm *: cannot open `rm *' (No such file or directory)\n"
irb(main):003:0> exit

emmanuel ~/temp/temp
▸ ls
test
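The comparison the comment above makes, as an added example that is not part of the original commit or comment. It assumes a POSIX `sh` and `printf`; `printf` stands in for the page's `executable`, and the helper names and sample filenames are constructed for illustration.

```ruby
require 'shellwords'

# Stand-in for the page's `executable` (assumption: POSIX sh and printf exist).
# printf prints each argument it receives in brackets, which makes the
# argument boundaries the child process saw visible in the output.
PROBE = "printf '[%s]'"

# Same shape as the committed line: path interpolated raw into a shell string.
def argv_unescaped(path)
  `#{PROBE} #{path}`
end

# The comment's proposal: escape the path before interpolating it.
def argv_shellescaped(path)
  `#{PROBE} #{path.shellescape}`
end

# No shell at all: the array form of IO.popen passes path as one argv entry.
def argv_no_shell(path)
  IO.popen(['printf', '[%s]', path], &:read)
end

# Constructed sample filenames, not taken from the page.
SAMPLES = ['report.pdf', 'my file.txt', 'a; echo INJECTED', '$(echo SUBST).txt']

SAMPLES.each do |name|
  puts "path:          #{name.inspect}"
  puts "  raw:         #{argv_unescaped(name).inspect}"
  puts "  shellescape: #{argv_shellescaped(name).inspect}"
  puts "  argv array:  #{argv_no_shell(name).inspect}"
end
```

Neither escaping nor the array form stops a path that begins with `-` from being parsed as an option by the program itself; that needs a `--` separator or a `./` prefix.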