add proper shell escaping for Albino

2011-01-11 00:30:22 -08:00
parent 996f81d63d
commit fc84a4e989
2 changed files with 25 additions and 0 deletions
@@ -14,4 +14,17 @@ class Gollum::Albino < Albino
    html.sub!(%r{</pre></div>\Z}, "</pre>\n</div>")
    html
  end
+
+  # Hotfix for vulnerable versions of Albino
+  if !instance_methods.include?('shell_escape')
+    def convert_options(options = {})
+      @options.merge(options).inject('') do |string, (flag, value)|
+        string + " -#{flag} #{shell_escape value}"
+      end
+    end
+
+    def shell_escape(str)
+      str.to_s.gsub("'", "\\\\'").gsub(";", '\\;')
+    end
+  end
 end