Revision 216728d0
Added by Sam Kottler over 11 years ago
- ID 216728d09495fe5a2940760df702910642853bca
lib/proxy/util.rb | ||
---|---|---|
require 'open3'
|
||
require 'shellwords'
|
||
|
||
module Proxy::Util
|
||
|
||
... | ... | |
logger.warn e
|
||
return false
|
||
end
|
||
|
||
def self.escape_for_shell(command)
|
||
# This is a backport for using the core Shellwords#escape that's in 1.9.2
|
||
# when using 1.8.7.
|
||
if RUBY_VERSION < '1.9.2'
|
||
return command.shellescape if command.respond_to? :shellescape
|
||
|
||
# An empty argument will be skipped, so return empty quotes.
|
||
return "''" if command.empty?
|
||
command = command.dup
|
||
|
||
# Process as a single byte sequence because not all shell
|
||
# implementations are multibyte aware.
|
||
command.gsub!(/([^A-Za-z0-9_\-.,:\/@\n])/n, "\\\\\\1")
|
||
command.gsub!(/\n/, "'\n'")
|
||
|
||
return command
|
||
else
|
||
Shellwords.escape(command)
|
||
end
|
||
end
|
||
end
|
Also available in: Unified diff
Fixed CVE-2013-0210 and added test for new escape method