[Rails] Re: Validating and using Kernal.System

Ruby on Rails Thursday, May 27, 2010

In essence yes, but the user input is just an added command that won't
do anything if they don't have a log file, or the rather, the correct
log format. I'm mostly using this for personal use and am totally
aware that it's incredibly dangerous. I just can't think of another
way to do this.

On May 27, 12:06 pm, Colin Law <clan...@googlemail.com> wrote:
> On 27 May 2010 15:43, anon_comp <neocools...@gmail.com> wrote:
>
>
>
>
>
> > Ok so I have a RoR project that seems to be...unconventional lol
>
> > I'm attempting to validate the name of the file and using
> > Kernal.System to input the file in the system as a parameter.
>
> > I've tried validates_presence_of, but that doesn't appear to work
> > unless in a model which I don't have. I'm trying to use
> > error_messages_for, but I don't understand how to use it or what to
> > put in the controller.
>
> > As for the Kernal. System, how do you use it so that when the user
> > hits "OK", RoR inputs the file in the correct command, runs it, and
> > points the user to the generated html file?
>
> > Here's the complete code:
>
> > trying_controller.rb
> > -----------------------------------------------
> > class TryingController < ApplicationController
> >  def index
> >  end
>
> >  def to
> >    @logfile = params[:logfile]
> >  end
>
> > end
>
> > index.html.erb
> > ---------------------------------------------
> > <% form_tag :action => 'to' do %>
> >  <%= error_messages_for 'logfile' %>
> >  <%= label_tag 'logfile_label', 'Logfile:' %>
> >  <%= file_field_tag :logfile %>
> >  <%= submit_tag "OK" %>
> > <% end %>
>
> > to.html.erb
> > --------------------------------------------
> > Logfile: <%= @logfile %>
>
> Have I got this right, you are attempting to allow a user in a browser
> to enter the name of a system command which will then be run on the
> server?  If so I hope you realise that is incredibly dangerous.  I am
> intrigued to know why you wish to allow this.
>
> Colin- Hide quoted text -
>
> - Show quoted text -

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

Posted by Ruby on Rails at 10:07 AM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)