vieter-v
/
v
2
0
Fork 0
Code Issues Pull Requests Releases Activity

os: do not allow || and \n in system/exec

pull/2634/head
Daren Liang 2019-11-03 18:41:15 -05:00 committed by Alexander Medvednikov
parent df5faf35e5
commit e3d8ab5849
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
vlib/os/os.v
View File

@ -355,8 +355,8 @@ pub:
// exec starts the specified command, waits for it to complete, and returns its output.
pub fn exec(cmd string) ?Result {
if cmd.contains(';') || cmd.contains('&&') {
return error('; and && are not allowed in shell commands')
if cmd.contains(';') || cmd.contains('&&') || cmd.contains('||') || cmd.contains('\n') {
return error(';, &&, || and \\n are not allowed in shell commands')
}
pcmd := '$cmd 2>&1'
f := vpopen(pcmd)
@ -381,9 +381,9 @@ pub fn exec(cmd string) ?Result {
// `system` works like `exec()`, but only returns a return code.
pub fn system(cmd string) int {
if cmd.contains(';') || cmd.contains('&&') {
if cmd.contains(';') || cmd.contains('&&') || cmd.contains('||') || cmd.contains('\n') {
// TODO remove panic
panic('; and && are not allowed in shell commands')
panic(';, &&, || and \\n are not allowed in shell commands')
}
mut ret := int(0)
$if windows {