Do not use shellescape on Windows + Remove Gemfile.lock #191

Closed
wants to merge 3 commits into
from

Conversation

Projects
None yet
2 participants

shellescape (called inside shelljoin) was designed for Bourne shell, and it mangles Windows paths (e.g. C:\My Install Path\wkhtmltopdf). As per this stackoverflow answer, there is no equivalent of shellescape on Windows platform.

As an alternative, I've made a simple join/quote-escaping scheme for Windows. I haven't given a detailed look at injection vulnerabilities on Windows. For the time being this will have to be a caveat for Windows users.

Also removed Gemfile.lock. Please see this post from the folks who made Bundler

Contributor

sigmavirus24 commented Aug 9, 2014

Thanks for your efforts here @johnnyshields but a different solution has been used. I'm going to keep the Gemfile.lock for now until I can confirm that it is still best practice to not include it.

@sigmavirus24 it is indeed still the best practice not to include the Gemfile.lock. Look at any widely used gem you will see that they do not include it.

@johnnyshields johnnyshields deleted the johnnyshields:windows branch Aug 10, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment