Commit

Using backticks instead of %x.
jnunemaker committed Mar 6, 2010
1 parent f9f807b commit 47d507b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion lib/wand.rb
Expand Up @@ -3,7 +3,7 @@
module Wand
def self.wave(path)
type = MIME::Types.type_for(path)[0].to_s
type = %x[#{executable} --mime --brief #{path}].split(';')[0] if type.nil? || type == ''
type = `#{executable} --mime --brief #{path}`.split(';')[0] if type.nil? || type == ''
type = nil if type =~ /cannot\sopen/
type
end
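Review bot: `#{path}` on the changed line of `Wand.wave` still reaches the shell unescaped, and backticks invoke the shell exactly as `%x[]` did, so a path containing spaces or shell metacharacters is parsed by the shell instead of being handed to the executable as one argument. Escape it with `Shellwords.escape(path)` or, if `executable` is a bare path, avoid the shell with the array form `IO.popen([executable, '--mime', '--brief', path], &:read)`. Separately, `type.nil?` can never be true after the `.to_s` on the line above, so the `type == ''` test alone would do.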

1 comment on commit 47d507b

@EmmanuelOga

"Never use this when path/filename is user input as there is no escaping."

I'm thinking shellwords should suffice to escape the path?

require 'shellwords'
type = `#{executable} --mime --brief #{path.shellescape}`.split(';')[0] if type.nil? || type == ''

And a little test:

emmanuel ~/temp/temp
▸ touch test
emmanuel ~/temp/temp
▸ ll
-rw-r--r-- 1 emmanuel 0 Mar  8 21:32 test
emmanuel ~/temp/temp
▸ irb
irb(main):001:0> require 'shellwords'
irb(main):002:0> `file #{ "rm *".shellescape }` 
=> "rm *: cannot open `rm *' (No such file or directory)\n"
irb(main):003:0> exit

emmanuel ~/temp/temp
▸ ls
test
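
Added example, not part of the commit or of the comment above: it compares how one path argument arrives at a child process when interpolated as committed, when passed through `shellescape` as the comment suggests, and when handed over with the array form of `IO.popen`, which uses no shell. `PROBE`, `SAMPLES` and the function names are assumptions made for this example, and a child Ruby process that prints back its arguments stands in for the `file` executable.

```ruby
require 'shellwords'
require 'rbconfig'

# Stand-in for `#{executable} --mime --brief` (assumption): a child Ruby that
# prints back the argument list it received, NUL-separated, so the example
# runs without `file` installed and nothing is looked up on disk.
PROBE = [RbConfig.ruby, '-e', 'print ARGV.join("\0")', '--', '--mime', '--brief'].freeze

# The interpolation as committed: the shell parses `path` before the program
# sees it. Called here only with a harmless name, to show the word splitting.
def args_interpolated(path)
  `#{PROBE.shelljoin} #{path}`.split("\0", -1)
end

# The change suggested in the comment: escape the path, still via the shell.
def args_shellescaped(path)
  `#{PROBE.shelljoin} #{path.shellescape}`.split("\0", -1)
end

# No shell at all: the array form of IO.popen passes each element as one
# argv entry, so there is nothing to escape.
def args_argv(path)
  IO.popen([*PROBE, path], &:read).split("\0", -1)
end

# Constructed file names containing characters the shell treats specially.
SAMPLES = ['a b.txt', 'rm *', '$(id).png', "it's; here`.txt"].freeze

if __FILE__ == $PROGRAM_NAME
  p args_interpolated('a b.txt') # one file name arrives as two arguments
  SAMPLES.each do |name|
    p [name, args_shellescaped(name).last == name, args_argv(name).last == name]
  end
end
```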
