mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-21 20:18:06 +02:00
10 lines
239 B
Ruby
10 lines
239 B
Ruby
# Unsafe: ERB.new receives a tainted template *source* string from
|
|
# request params; SSTI fires on the source argument.
|
|
|
|
require "erb"
|
|
|
|
def handler(params)
|
|
src = params[:template]
|
|
template = ERB.new(src)
|
|
template.result(binding)
|
|
end
|