notinlist's Profile

GitHub User: notinlist

Comments by

SERIOUS SECURITY PROBLEM

In the function call_rake() you have a shell escaping problem.

args = options.map { |n, v| "#{n.to_s.upcase}='#{v}'" }

The variable v must be escaped properly. This is a security vulnerability. Consider replacing the video, or adding an overlay to it with the correct solution!
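An added example, not code from the episode or from the commenter: the quoted `args` line next to a form that escapes each value with Ruby's standard `Shellwords.escape`, plus a shell-free variant that passes the values as an environment hash. The `mailing_id` option, the sample value and all helper names are constructed for illustration.

```ruby
require "shellwords"

# Constructed sample input: a value containing an apostrophe and a space.
SAMPLE = { mailing_id: "O'Brien report" }.freeze

# Names allowed on the left-hand side of NAME=value.
ENV_NAME = /\A[A-Z_][A-Z0-9_]*\z/

# The pattern quoted in the comment: the value is wrapped in single quotes
# but not escaped, so a quote inside the value ends the quoting early.
def unsafe_args(options)
  options.map { |n, v| "#{n.to_s.upcase}='#{v}'" }
end

# Hardened form: validate the variable name and escape the value for a POSIX shell.
def escaped_args(options)
  options.map do |n, v|
    name = n.to_s.upcase
    raise ArgumentError, "bad variable name: #{name.inspect}" unless name.match?(ENV_NAME)
    "#{name}=#{Shellwords.escape(v.to_s)}"
  end
end

# Shell-free alternative: Kernel#system and Kernel#spawn accept an env hash as
# their first argument, followed by the program and its arguments as separate
# strings, so no shell ever parses the values.
def env_for(options)
  options.map { |n, v| [n.to_s.upcase, v.to_s] }.to_h
end

# Tokenise a command line with POSIX-style quoting rules, or report :unbalanced
# when the quoting does not close.
def shell_words(line)
  Shellwords.split(line)
rescue ArgumentError
  :unbalanced
end

if $PROGRAM_NAME == __FILE__
  p shell_words(unsafe_args(SAMPLE).join(" "))
  p shell_words(escaped_args(SAMPLE).join(" "))
  p env_for(SAMPLE)
end
```

With the escaped form the value survives as a single word; with the env hash the call becomes `system(env_for(options), "/usr/bin/rake", task)`, where the rake path and `task` are assumptions about the caller.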