dan
/
jekyll
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Prevent shell injection when opening a URL.

This commit is contained in:
Jordon Bedwell 2015-11-29 21:22:27 -06:00
parent 2a4aa0fdb1
commit c8edb15820
1 changed files with 7 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
lib/jekyll/commands/serve.rb
View File

@ -46,25 +46,17 @@ module Jekyll
file_handler_options file_handler_options
) )
server_address_str = server_address(s, options) server_address_str = server_address(s, options)
Jekyll.logger.info "Server address:", server_address_str Jekyll.logger.info "Server address:", server_address_str
begin if options["open_url"]
command_name = "" command = Utils::Platforms.windows?? "start" : Utils::Platforms.osx?? \
"open" : "xdg-open"
if Utils::Platforms.windows? system command, server_address_str
command_name = "start"
elsif Utils::Platforms.osx?
command_name = "open"
elsif Utils::Platforms.linux?
command_name = "xdg-open"
end end
system("#{command_name} #{server_address_str}")
rescue
Jekyll.logger.info "Could not open URL, exception was thrown"
end if options['open_url']
if options['detach'] # detach the server if options['detach'] # detach the server
pid = Process.fork { s.start } pid = Process.fork { s.start }
Process.detach(pid) Process.detach(pid)