Sign in through GitHub

Please read for an updated status on RailsCasts:

Learn more or hide this

notinlist's Profile

GitHub User: notinlist

Comments by

Avatar

SERIOUS SECURITY PROBLEM

In function call_rake() you have some shell escaping problem.

args = options.map { |n, v| "#{n.to_s.upcase}='#{v}'" }

The variable v must be escaped properly. This is a security vulnerability. Consider replacing the video, or adding overlay to it with the correct solution!