Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Escaped path using shellwords. Credit to EmmanuelOga http://github.co…

  • Loading branch information...
commit 920bc07df41af7eb7a4f86dfc18417286a0e7275 1 parent 4cede84
John Nunemaker authored
Showing with 13 additions and 8 deletions.
  1. +5 −5 lib/wand.rb
  2. +8 −3 test/test_wand.rb
10 lib/wand.rb
View
@@ -1,11 +1,12 @@
require 'mime/types'
+require 'shellwords'
module Wand
Version = '0.1'
def self.wave(path)
type = MIME::Types.type_for(path)[0].to_s
- type = from_executable(path).split(';')[0].strip if type.nil? || type == ''
+ type = execute_file_cmd(path).split(';')[0].strip if type.nil? || type == ''
type = nil if type =~ /cannot\sopen/
type
end
@@ -19,8 +20,7 @@ def self.executable=(path)
@executable = path
end
- private
- def self.from_executable(path)
- `#{executable} --mime --brief #{path}`
- end
+ def self.execute_file_cmd(path)
+ `#{executable} --mime --brief #{path.shellescape}`
+ end
end
11 test/test_wand.rb
View
@@ -5,7 +5,7 @@ class TestWand < Test::Unit::TestCase
setup do
Wand.executable = `which file`.chomp
end
-
+
{
'AVGARDD.svg' => 'image/svg+xml',
'compressed.zip' => 'application/zip',
@@ -44,10 +44,15 @@ class TestWand < Test::Unit::TestCase
Wand.executable = '/usr/local/bin/file'
assert_equal '/usr/local/bin/file', Wand.executable
end
-
+
should "strip newlines and such" do
- Wand.expects(:from_executable).returns("image/jpeg\n")
+ Wand.expects(:execute_file_cmd).returns("image/jpeg\n")
assert_equal "image/jpeg", Wand.wave(FilePath.join(name).expand_path.to_s)
end
+
+ should "escape path" do
+ output = Wand.execute_file_cmd(FilePath.join(name).expand_path.to_s + ' && echo $USER')
+ assert_match /cannot\sopen/, output
+ end
end
end
Please sign in to comment.
Something went wrong with that request. Please try again.