1

I write this code in my rails project.It's to execute a shell script ,But my shell script can catch @directdown only.

rails script

@cmd = "/downafile.sh #{@directdown} #{@file.id} #{@filename}"
`#{@cmd}`

shell script

echo $1 >> /tmp/ceshi.tmp
echo $2 >> /tmp/ceshi.tmp
echo $3 >> /tmp/ceshi.tmp

Thanks.

Improve this question

3 Answers 3

Reset to default
1

`` and system command works in similar manner. But system method will return true on success.

Try with this:

@cmd = "/downafile.sh '#{@directdown}' '#{@file.id}' '#{@filename}'"
  `#{@cmd}`
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

This is not safe -- consider the case where a filename is passed of $(rm -rf ~)'$(rm -rf ~)' (and yes, literal quotes are allowed in UNIX filenames).
1

Try using puts @cmd to see the command generated and see whether the command is what you intended. If it is try executing it from the terminal to test whether your shell script works. I think the parameters @file.id and @filename value may be nil so on interpolation it will be replaced by "". puts their values also to check.

Improve this answer

5 Comments

hi,i can see whole args when i puts @cmd
@jean...try using that in the terminal..and see what happens?
it's solved.@cmd = "/downafile.sh '#{@directdown}' '#{@file.id}' '#{@filename}'"
@jean..it may be because the varible values may have spaces in between and part after space will be treated as another argument..so using '' in arguements will force it to take it correctly
@jean, that's not a safe solution against hostile names. A filename that contains a literal quote character could escape the quoting and run arbitrary shell commands.
-1

I don't know what is the meaning of `` in Ruby, but I think you can use the system function to invoke an external program. Something like,

   @cmd = "/downafile.sh #{@directdown} #{@file.id} #{@filename}"
   system(@cmd)

Hope it helps.

Improve this answer

3 Comments

system(@cmd) executes the command and gives true if the command was executed successfully and otherwise false. `` executes the command and returns its screen output. For example ` ls ` will give "app\nconfig\ndb\ndoc\nlib\nlog\npublic\nRakefile\nREADME\nscript\ntest\ntmp\nvendor\n" as output.
6 Ways to Run Shell Commands in Ruby
system() use permits shell injection attacks -- consider a file named $(rm -rf ~)'$(rm -rf ~)'.txt (yes, all those characters are allowed in filenames on Linux).

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.