vieter-v
/
v
2
0
Fork 0
Code Issues Pull Requests Releases Activity

os: do not allow || and \n in system/exec

pull/2634/head
Daren Liang 2019-11-03 18:41:15 -05:00 committed by Alexander Medvednikov
parent df5faf35e5
commit e3d8ab5849
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
vlib/os/os.v
View File

@ -355,8 +355,8 @@ pub:
// exec starts the specified command, waits for it to complete, and returns its output. // exec starts the specified command, waits for it to complete, and returns its output.
pub fn exec(cmd string) ?Result { pub fn exec(cmd string) ?Result {
if cmd.contains(';') || cmd.contains('&&') { if cmd.contains(';') || cmd.contains('&&') || cmd.contains('||') || cmd.contains('\n') {
return error('; and && are not allowed in shell commands') return error(';, &&, || and \\n are not allowed in shell commands')
} }
pcmd := '$cmd 2>&1' pcmd := '$cmd 2>&1'
f := vpopen(pcmd) f := vpopen(pcmd)
@ -381,9 +381,9 @@ pub fn exec(cmd string) ?Result {
// `system` works like `exec()`, but only returns a return code. // `system` works like `exec()`, but only returns a return code.
pub fn system(cmd string) int { pub fn system(cmd string) int {
if cmd.contains(';') || cmd.contains('&&') { if cmd.contains(';') || cmd.contains('&&') || cmd.contains('||') || cmd.contains('\n') {
// TODO remove panic // TODO remove panic
panic('; and && are not allowed in shell commands') panic(';, &&, || and \\n are not allowed in shell commands')
} }
mut ret := int(0) mut ret := int(0)
$if windows { $if windows {