I just want to echo Philip's comment for emphasis. Do NOT use system() for this, as it has serious security implications.
Best, Sebastian On Dec 4, 10:24 am, Philip Hallstrom <[email protected]> wrote: > > Hey everyone...trying to get a handle on Ruby syntax but having a bit > > of > > an issue. > > > I am trying to create a form and then call a linux system call that > > will > > create a directory using the value of the variable within the > > fieldset. > > Here is a short example: > > > <fieldset> > > <ol> > > <li> > > <%= f.label :name %> > > <%= f.text_field :name, :class => 'text' %> > > </li> > > <li> > > <%= f.label :credit_balance %> > > <%= f.text_field :credit_balance, :class => 'text' %> > > </li> > > </ol> > > </fieldset> > > <fieldset class="submit"> > > <%= f.submit 'Submit', :class => 'submit' %> > > </fieldset> > > <% system("mkdir /var/www/html/WHAT DO I PUT HERE") %> > > Don't use system. Look into the FileUtils.mkdir method. Less chance > for someone typing in "fake; rm -rf /" for the 'name' field... > > > Basically, I just need to know the syntax of the system line so that > > the > > directory that will be created will be the value of the :name variable > > within the fieldset but cannot figure out the syntax. In other words, > > if, on the form someone puts in WHATEVER for the :name field and 10 > > for > > the :credit_balance, I want to create a directory called > > /var/www/html/WHATEVER > > This form will get submitted to a controller's action method. In that > method you'd do something like this: > > name = params[:name] > # triple check that name is valid for a directory name, etc. > FileUtils.mkdir("/var/www/html/#{name}") > > > > > Easy for me in PHP, but I have not been able to find a way to do it in > > Ruby. I am sure that it is easy for one of you. > > > If someone would be nice enough to get me started in the right > > direction, I would really appreciate it. > > > Thank so much! > > > -- > > > You received this message because you are subscribed to the Google > > Groups "Ruby on Rails: Talk" group. > > To post to this group, send email to rubyonrails- > > [email protected]. > > To unsubscribe from this group, send email to > > [email protected] > > . > > For more options, visit this group > > athttp://groups.google.com/group/rubyonrails-talk?hl=en > > . -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
