Rails - Dec 2009 - Directory creation from Ruby

Hey everyone...trying to get a handle on Ruby syntax but having a bit
of
an issue.

I am trying to create a form and then call a linux system call that
will
create a directory using the value of the variable within the
fieldset.
Here is a short example:

<fieldset>
<ol>
<li>
<%= f.label :name %>
<%= f.text_field :name, :class => ''text'' %>
</li>
<li>
<%= f.label :credit_balance %>
<%= f.text_field :credit_balance, :class => ''text'' %>
</li>
</ol>
</fieldset>
<fieldset class="submit">
<%= f.submit ''Submit'', :class =>
''submit'' %>
</fieldset>
<% system("mkdir /var/www/html/WHAT DO I PUT HERE") %>

Basically, I just need to know the syntax of the system line so that
the
directory that will be created will be the value of the :name variable
within the fieldset but cannot figure out the syntax.  In other words,
if, on the form someone puts in WHATEVER for the :name field and 10
for
the :credit_balance, I want to create a directory called
/var/www/html/WHATEVER

Easy for me in PHP, but I have not been able to find a way to do it in
Ruby.  I am sure that it is easy for one of you.

If someone would be nice enough to get me started in the right
direction, I would really appreciate it.

Thank so much!

--

You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

You need to put that system call in the controller action which receives
this form submission!
Where then you could do something like this :

system(''mkdir var/www/html/'' + params[:model][:name]);

Also it is not advisable to hard code the entire path.

Thanks & Regards,
Dhruva Sagar.




On Fri, Dec 4, 2009 at 2:30 AM,
bill-8vt6EmggZQzxoq/u1CTancyiEOaA11gU@public.gmane.org <
bill-8vt6EmggZQzxoq/u1CTancyiEOaA11gU@public.gmane.org> wrote:
>
>
> Hey everyone...trying to get a handle on Ruby syntax but having a bit
> of
> an issue.
>
> I am trying to create a form and then call a linux system call that
> will
> create a directory using the value of the variable within the
> fieldset.
> Here is a short example:
>
> <fieldset>
> <ol>
> <li>
> <%= f.label :name %>
> <%= f.text_field :name, :class => ''text'' %>
> </li>
> <li>
> <%= f.label :credit_balance %>
> <%= f.text_field :credit_balance, :class => ''text''
%>
> </li>
> </ol>
> </fieldset>
> <fieldset class="submit">
> <%= f.submit ''Submit'', :class =>
''submit'' %>
> </fieldset>
> <% system("mkdir /var/www/html/WHAT DO I PUT HERE") %>
>
> Basically, I just need to know the syntax of the system line so that
> the
> directory that will be created will be the value of the :name variable
> within the fieldset but cannot figure out the syntax.  In other words,
> if, on the form someone puts in WHATEVER for the :name field and 10
> for
> the :credit_balance, I want to create a directory called
> /var/www/html/WHATEVER
>
> Easy for me in PHP, but I have not been able to find a way to do it in
> Ruby.  I am sure that it is easy for one of you.
>
> If someone would be nice enough to get me started in the right
> direction, I would really appreciate it.
>
> Thank so much!
>
> --
>
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Talk" group.
> To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To unsubscribe from this group, send email to
>
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org<rubyonrails-talk%2Bunsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org>
> .
> For more options, visit this group at
> http://groups.google.com/group/rubyonrails-talk?hl=en.
>
>
>
--

You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

> Hey everyone...trying to get a handle on Ruby syntax but having a bit
> of
> an issue.
>
> I am trying to create a form and then call a linux system call that
> will
> create a directory using the value of the variable within the
> fieldset.
> Here is a short example:
>
> <fieldset>
> <ol>
> <li>
> <%= f.label :name %>
> <%= f.text_field :name, :class => ''text'' %>
> </li>
> <li>
> <%= f.label :credit_balance %>
> <%= f.text_field :credit_balance, :class => ''text''
%>
> </li>
> </ol>
> </fieldset>
> <fieldset class="submit">
> <%= f.submit ''Submit'', :class =>
''submit'' %>
> </fieldset>
> <% system("mkdir /var/www/html/WHAT DO I PUT HERE") %>
Don''t use system.  Look into the FileUtils.mkdir method.  Less chance  
for someone typing in "fake; rm -rf /" for the
''name'' field...

> Basically, I just need to know the syntax of the system line so that
> the
> directory that will be created will be the value of the :name variable
> within the fieldset but cannot figure out the syntax.  In other words,
> if, on the form someone puts in WHATEVER for the :name field and 10
> for
> the :credit_balance, I want to create a directory called
> /var/www/html/WHATEVER
This form will get submitted to a controller''s action method.  In that
method you''d do something like this:

name = params[:name]
# triple check that name is valid for a directory name, etc.
FileUtils.mkdir("/var/www/html/#{name}")

> Easy for me in PHP, but I have not been able to find a way to do it in
> Ruby.  I am sure that it is easy for one of you.
>
> If someone would be nice enough to get me started in the right
> direction, I would really appreciate it.
>
> Thank so much!
>
> --
>
> You received this message because you are subscribed to the Google  
> Groups "Ruby on Rails: Talk" group.
> To post to this group, send email to rubyonrails- 
> talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
> .
> For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
> .
>
>
--

You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

I just want to echo Philip''s comment for emphasis. Do NOT use system()
for this, as it has serious security implications.

Best,
Sebastian

On Dec 4, 10:24 am, Philip Hallstrom <phi...-LSG90OXdqQE@public.gmane.org>
wrote:
> > Hey everyone...trying to get a handle on Ruby syntax but having a bit
> > of
> > an issue.
>
> > I am trying to create a form and then call a linux system call that
> > will
> > create a directory using the value of the variable within the
> > fieldset.
> > Here is a short example:
>
> > <fieldset>
> > <ol>
> > <li>
> > <%= f.label :name %>
> > <%= f.text_field :name, :class => ''text'' %>
> > </li>
> > <li>
> > <%= f.label :credit_balance %>
> > <%= f.text_field :credit_balance, :class =>
''text'' %>
> > </li>
> > </ol>
> > </fieldset>
> > <fieldset class="submit">
> > <%= f.submit ''Submit'', :class =>
''submit'' %>
> > </fieldset>
> > <% system("mkdir /var/www/html/WHAT DO I PUT HERE") %>
>
> Don''t use system.  Look into the FileUtils.mkdir method.  Less
chance  
> for someone typing in "fake; rm -rf /" for the
''name'' field...
>
> > Basically, I just need to know the syntax of the system line so that
> > the
> > directory that will be created will be the value of the :name variable
> > within the fieldset but cannot figure out the syntax.  In other words,
> > if, on the form someone puts in WHATEVER for the :name field and 10
> > for
> > the :credit_balance, I want to create a directory called
> > /var/www/html/WHATEVER
>
> This form will get submitted to a controller''s action method.  In
that  
> method you''d do something like this:
>
> name = params[:name]
> # triple check that name is valid for a directory name, etc.
> FileUtils.mkdir("/var/www/html/#{name}")
>
>
>
> > Easy for me in PHP, but I have not been able to find a way to do it in
> > Ruby.  I am sure that it is easy for one of you.
>
> > If someone would be nice enough to get me started in the right
> > direction, I would really appreciate it.
>
> > Thank so much!
>
> > --
>
> > You received this message because you are subscribed to the Google  
> > Groups "Ruby on Rails: Talk" group.
> > To post to this group, send email to rubyonrails-
> > talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> > To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
> > .
> > For more options, visit this group
athttp://groups.google.com/group/rubyonrails-talk?hl=en
> > .
--

You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

Thank you to all who answered this question.  I really appreciate and
value your input.

I did, in fact, end up doing this in the application controller which
handles the submission and got it working.

I was worried about the system call as well so thanks for stating the
risks.

If anyone needs help in the VoIP world, let me know!  I got that down!

Cheers!

Bill

On Dec 3, 8:15 pm, Sebastian von Conrad
<sebastian.von.con...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> I just want to echo Philip''s comment for emphasis. Do NOT use
system()
> for this, as it has serious security implications.
>
> Best,
> Sebastian
>
> On Dec 4, 10:24 am, Philip Hallstrom
<phi...-LSG90OXdqQE@public.gmane.org> wrote:
>
> > > Hey everyone...trying to get a handle on Ruby syntax but having a
bit
> > > of
> > > an issue.
>
> > > I am trying to create a form and then call a linux system call
that
> > > will
> > > create a directory using the value of the variable within the
> > > fieldset.
> > > Here is a short example:
>
> > > <fieldset>
> > > <ol>
> > > <li>
> > > <%= f.label :name %>
> > > <%= f.text_field :name, :class => ''text''
%>
> > > </li>
> > > <li>
> > > <%= f.label :credit_balance %>
> > > <%= f.text_field :credit_balance, :class =>
''text'' %>
> > > </li>
> > > </ol>
> > > </fieldset>
> > > <fieldset class="submit">
> > > <%= f.submit ''Submit'', :class =>
''submit'' %>
> > > </fieldset>
> > > <% system("mkdir /var/www/html/WHAT DO I PUT HERE")
%>
>
> > Don''t use system.  Look into the FileUtils.mkdir method.
 Less chance  
> > for someone typing in "fake; rm -rf /" for the
''name'' field...
>
> > > Basically, I just need to know the syntax of the system line so
that
> > > the
> > > directory that will be created will be the value of the :name
variable
> > > within the fieldset but cannot figure out the syntax.  In other
words,
> > > if, on the form someone puts in WHATEVER for the :name field and
10
> > > for
> > > the :credit_balance, I want to create a directory called
> > > /var/www/html/WHATEVER
>
> > This form will get submitted to a controller''s action method.
 In that  
> > method you''d do something like this:
>
> > name = params[:name]
> > # triple check that name is valid for a directory name, etc.
> > FileUtils.mkdir("/var/www/html/#{name}")
>
> > > Easy for me in PHP, but I have not been able to find a way to do
it in
> > > Ruby.  I am sure that it is easy for one of you.
>
> > > If someone would be nice enough to get me started in the right
> > > direction, I would really appreciate it.
>
> > > Thank so much!
>
> > > --
>
> > > You received this message because you are subscribed to the
Google  
> > > Groups "Ruby on Rails: Talk" group.
> > > To post to this group, send email to rubyonrails-
> > > talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> > > To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
> > > .
> > > For more options, visit this group
athttp://groups.google.com/group/rubyonrails-talk?hl=en
> > > .
--

You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.