Shell escape code search

Dmitriy Zaporozhets · Jacob Vosmaer
1 parent 6c067380
Showing 1 changed file with 1 additions and 1 deletions Show diff stats
app/contexts/search_context.rb
@@ -6,7 +6,7 @@ class SearchContext
   end
   def execute
-    query = params[:search]
+    query = Shellwords.shellescape(params[:search])
     return result unless query.present?
	@@ -6,7 +6,7 @@ class SearchContext		@@ -6,7 +6,7 @@ class SearchContext
6	end	6	end
7		7
8	def execute	8	def execute
9	- query = params[:search]	9	+ query = Shellwords.shellescape(params[:search])
10		10
11	return result unless query.present?	11	return result unless query.present?
12		12