
Stricter escaping of strings, bump version to 0.5.3

1 parent d7690c4 commit ce37ffcdb223b34dd215971e2cd365e3a66cb5f1 @devn devn committed Feb 11, 2013
Showing with 11 additions and 4 deletions.
  1. +1 −1 Gemfile.lock
  2. +3 −1 lib/pdfkit/pdfkit.rb
  3. +1 −1 lib/pdfkit/version.rb
  4. +6 −1 spec/pdfkit_spec.rb
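--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-pdfkit (0.5.2)
+pdfkit (0.5.3)
 GEM
 remote: http://rubygems.org/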
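--- a/lib/pdfkit/pdfkit.rb
+++ b/lib/pdfkit/pdfkit.rb
@@ -1,3 +1,5 @@
+require 'shellwords'
+
 class PDFKit
 class NoExecutableError < StandardError
@@ -42,7 +44,7 @@ def command(path = nil)
 args << (path || '-') # Write to file or stdout
-args.map {|arg| %Q{"#{arg.gsub('"', '\"')}"}}
+args.map {|arg| %Q{"#{arg.shellescape}"}}
 end
 def executable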
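Review bot: Wrapping the output of `shellescape` in double quotes on the added line of the second hunk corrupts the argument rather than merely protecting it: `shellescape` already yields a string that is safe to place in a shell command unquoted, and inside double quotes the shell keeps the backslashes it inserts before space, `[` and `(`, so a header of `foo [page]` would reach wkhtmltopdf as `foo\ \[page\]` (the new spec in spec/pdfkit_spec.rb pins exactly that form). The unescape-then-requote also means `"\$\(ls\)"` collapses back to `$\(ls\)`, which is not executed but is still not the user's text. The line should be `args.map(&:shellescape)` if the array is later joined into a shell string; if the caller can pass the array to `IO.popen`/`Open3` directly, no escaping is needed at all, but how `command` is consumed is not visible here. The `command` method begins at the hunk header, outside the shown lines.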
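--- a/lib/pdfkit/version.rb
+++ b/lib/pdfkit/version.rb
@@ -1,3 +1,3 @@
 class PDFKit
-VERSION = "0.5.2"
+VERSION = "0.5.3"
 end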
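--- a/spec/pdfkit_spec.rb
+++ b/spec/pdfkit_spec.rb
@@ -67,7 +67,12 @@
 it "should encapsulate string arguments in quotes" do
 pdfkit = PDFKit.new('html', :header_center => "foo [page]")
-pdfkit.command[pdfkit.command.index('"--header-center"') + 1].should == '"foo [page]"'
+pdfkit.command[pdfkit.command.index('"--header-center"') + 1].should == '"foo\ \[page\]"'
+end
+
+it "should sanitize string arguments" do
+pdfkit = PDFKit.new('html', :header_center => "$(ls)")
+pdfkit.command[pdfkit.command.index('"--header-center"') + 1].should == '"\$\(ls\)"'
 end
 it "read the source from stdin if it is html" do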
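Review bot: Both assertions in this hunk pin the exact escaped bytes (`'"foo\ \[page\]"'`, `'"\$\(ls\)"'`) instead of the property that matters, namely that a shell turns the argument back into the original text and nothing else, so the test would keep passing even if the escaping produced mangled output. A round-trip check such as `Shellwords.split(pdfkit.command[pdfkit.command.index('"--header-center"') + 1]).should == ["foo [page]"]` states the intended contract and is independent of how Shellwords chooses to escape; the same shape works for the `$(ls)` case. Whether that assertion passes under the current quoting in lib/pdfkit/pdfkit.rb is a separate question raised on that file.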

