shellsafe returns unsafe chars in 0.0.11

asquelt commented 9 years ago

chars method was called before shellsafe method and @chars were initialized with characters which should never appear in shell. please issue 0.0.12 as this might be security related.

debug with print on charsets methods:

CHARS
SHELLSAFE
ALPHA
ALPHA
SHELLSAFE
CHARSET shellsafe ["a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "+", "%", "/", "@", "=", "?", "_", ".", ",", ":", "*", "(", ")", "&", "!", "[", "]", "{", "}", "-"]
QR&AbAKSR=%9c{,+-N,0JD/6{=hxe!wZ9
QR&AbAKSR=%9c{,+-N,0JD/6{=hxe!wZ9

asquelt commented 9 years ago

sorry, patched wrong version...

asquelt commented 9 years ago

corrected in #19

duritong / trocla

shellsafe returns unsafe chars in 0.0.11 #18