Closed rtlechow closed 7 years ago
tpope
commented
7 years ago My concern is you're introducing code execution and the associated security concerns while only half solving the problem, since the actual ERB evaluation happens in the context of a Rails app, not bare Ruby.
What does the ERB you're actually trying to evaluate look like? If it's simple <%= ENV[...] %> stuff maybe we can fake it.
rtlechow
commented
7 years ago I hear ya. It's mostly in the form <%= ENV[…] || 'default' %> 😅
tpope
commented
7 years ago And do those vars come from dotenv? I'm assuming no since you're solution doesn't involve it, but then that raises the question of where they do come from.
rtlechow
commented
7 years ago Chef on Engineyard (so a /data/appname/shared/config/env.custom which is just full of export FOO=123 on prod. This probably could/should become dotenv'd though…
tpope
commented
7 years ago So, to be clear, does this patch actually fix things for you? I would expect said environment variables to be unset.
rtlechow
commented
7 years ago It does fix things for me, cuz my dotfiles load a ~/.localrc with the exports. 😬
tpope
commented
7 years ago Feeling generous so I made it an option. I kinda care about this feature because I'm about to replace dbext with something much cooler. :smiling_imp:
rtlechow
commented
7 years ago Sweet, thanks! Very interested to see the dbext replacement 👍
Rails does regardless of file extension, so Rdbext should probably do it too.