Avoiding Shell Injection in Ruby, Python and PHP.

I recently found a shell injection bug in some Ruby-gem I use. Shell injections have scared me for a long time and I usually prefer to whitelist certain characters/patterns rather than to blacklist. This means that the system fails to the save side. Unfortunally it usually does fail – my whitelisting is to rigorous and data that would not cause any problems gets rejected. So I decided to take the opportunity to investigate how to prevent shell injection in my favorite scripting language (Python), the language I found the problem in and finally the language that I can not avoid (PHP).

NoArchive-Tag for Robots-Meta

I tweaked the robots-meta plugin by Joost de Valk for WordPress to support the noarchive tag. This prevents google and archive.org from providing cached versions of your blog. I've put up a mercurial repo with my version at http://www.littleimpact.de/hg/robots-meta-hg/.