Closed gjtorikian closed 10 years ago
+1 for this
:+1: popen won't spawn a shell: http://www.ruby-doc.org/core-2.1.0/IO.html#method-c-popen
If cmd is an Array of String, then it will be used as the subprocess’s argv bypassing a shell. The array can contains a hash at first for environments and a hash at last for options similar to spawn.
This will give the user access to potentially manipulate the file param after `--`, but not inject shell chars or other params.
Adds a bit more security. Would appreciate a review from @gregose if possible. I verified that when using backticks, a `.bogus` file is created. The reason I didn't go with something like `${HOME}` is because this will run on Travis CI and they probably don't give me write access outside of my project.

Thanks for the help!
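The difference discussed in this thread, shown as an added example that is not code from the pull request: the same constructed filename is passed once through backticks and once through `IO.popen` with an argv array. `cat` stands in for the project's real command, and the method names and the hostile filename are assumptions made for the illustration.

```ruby
require "tmpdir"

# Constructed input: a "filename" carrying a shell command separator.
HOSTILE = "README.md; touch .bogus"

# Before: backticks pass the interpolated string to /bin/sh, so ';' ends the
# cat command and the rest of the string runs as a second command.
def render_with_backticks(file)
  `cat -- #{file} 2>/dev/null`
end

# After: an Array becomes the child's argv directly, with no shell involved.
# The whole string is one argument, and "--" stops it being read as an option.
def render_with_popen(file)
  IO.popen(["cat", "--", file], err: File::NULL, &:read)
end

# Run the block inside a throwaway directory containing a README.md.
def in_scratch_dir
  Dir.mktmpdir do |dir|
    Dir.chdir(dir) do
      File.write("README.md", "hello\n")
      yield
    end
  end
end

# True if calling the given render method left a .bogus marker behind.
def marker_created_by?(method_name)
  in_scratch_dir do
    send(method_name, HOSTILE)
    File.exist?(".bogus")
  end
end

# A file whose name looks like an option is still read as data after "--".
def read_file_named(name)
  in_scratch_dir do
    File.write(name, "data\n")
    render_with_popen(name)
  end
end

if __FILE__ == $0
  puts "backticks created .bogus: #{marker_created_by?(:render_with_backticks)}"
  puts "popen argv created .bogus: #{marker_created_by?(:render_with_popen)}"
  puts "file named -n read as: #{read_file_named('-n').inspect}"
end
```

The caller can still choose which path is read, which matches the remaining risk named in the thread: the file parameter after `--` is attacker-influenced, so path validation is a separate check.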