[openstreetmap/openstreetmap-website] Use Open3.capture2 instead of backticks, to avoid command line injection risks (#2597)
Andy Allan
notifications at github.com
Wed Apr 22 12:00:11 UTC 2020
@gravitystorm commented on this pull request.
> @@ -117,7 +117,7 @@ def trace_name
end
def mime_type
- filetype = `/usr/bin/file -Lbz #{trace_name}`.chomp
+ filetype = Open3.capture2("/usr/bin/file", "-Lbz", trace_name)[0].chomp
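Review bot: On the added `Open3.capture2` line, the `[0]` index keeps only stdout and discards the exit status, so a failed `/usr/bin/file` run still feeds whatever it printed into `filetype`. Consider destructuring as `output, status = Open3.capture2(...)` and checking `status.success?` before using the result. Separately, passing `trace_name` as its own argument keeps it away from the shell, but `file` would still parse a value that begins with `-` as an option. Adding a `"--"` argument before `trace_name` would close that off.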
Me too! I'm not sure why I overlooked this.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/2597#discussion_r412918711