Forum: Ruby system() Methods in CGI Scripts Not Working

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Nathan O. (Guest)
on 2006-04-06 20:11
There's probably a very simple explanation for this, but here 'goes:

I have a few CGI scripts. A couple of them make system() calls to launch
shell scripts. These scripts work fine on the command line, but when I
launch the exact same script by visiting it in my browser, the page
loads indefinitely.

I think this indicates a permissions problem. Is there anything I can do
to circumvent this? The server I'm running on is one I don't control.
Nathan O. (Guest)
on 2006-04-06 21:09
Okay, after much searching, I've discovered that the string I'm passing
to system() is tainted because it comes from POST data. I suppose
entering "`rm *`" in to any field WOULD be bad news. Lesson learned!
This topic is locked and can not be replied to.