]> git.openstreetmap.org Git - rails.git/commit
projects / rails.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5df4342) | patch
Use Open3.capture2 instead of backticks, to avoid command line injection risks
authorAndy Allan <git@gravitystorm.co.uk>
Wed, 22 Apr 2020 11:22:30 +0000 (13:22 +0200)
committerAndy Allan <git@gravitystorm.co.uk>
Wed, 22 Apr 2020 11:57:32 +0000 (13:57 +0200)
commit35db86714bb173b571813e49ed31afbd08c46cd0
tree0d37b774ef4d74bb02d1cc329d691f9e235e9f01tree | snapshot
parent5df434271e2c55b011d310db4f003a06feea5306commit | diff
Use Open3.capture2 instead of backticks, to avoid command line injection risks

In this situation, trace_name can be trivially checked as legitimate, but this
removes any lingering risks from interpolating into a command line instead of
passing parameters explicitly.

Refs #2229
app/models/trace.rb diff | blob | history
The OpenStreetMap web site