Revision 216728d0
Added by Sam Kottler over 11 years ago
- ID 216728d09495fe5a2940760df702910642853bca
| lib/proxy/util.rb | ||
|---|---|---|
|
require 'open3'
|
||
|
require 'shellwords'
|
||
|
|
||
|
module Proxy::Util
|
||
|
|
||
| ... | ... | |
|
logger.warn e
|
||
|
return false
|
||
|
end
|
||
|
|
||
|
def self.escape_for_shell(command)
|
||
|
# This is a backport for using the core Shellwords#escape that's in 1.9.2
|
||
|
# when using 1.8.7.
|
||
|
if RUBY_VERSION < '1.9.2'
|
||
|
return command.shellescape if command.respond_to? :shellescape
|
||
|
|
||
|
# An empty argument will be skipped, so return empty quotes.
|
||
|
return "''" if command.empty?
|
||
|
command = command.dup
|
||
|
|
||
|
# Process as a single byte sequence because not all shell
|
||
|
# implementations are multibyte aware.
|
||
|
command.gsub!(/([^A-Za-z0-9_\-.,:\/@\n])/n, "\\\\\\1")
|
||
|
command.gsub!(/\n/, "'\n'")
|
||
|
|
||
|
return command
|
||
|
else
|
||
|
Shellwords.escape(command)
|
||
|
end
|
||
|
end
|
||
|
end
|
||
Also available in: Unified diff
Fixed CVE-2013-0210 and added test for new escape method