ruby-changes:14448
From: knu <ko1@a...>
Date: Mon, 11 Jan 2010 03:08:07 +0900 (JST)
Subject: [ruby-changes:14448] Ruby:r26277 (ruby_1_8): * eval.c (recursive_push): Taint internal hash to prevent
knu 2010-01-11 03:07:50 +0900 (Mon, 11 Jan 2010) New Revision: 26277 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=26277 Log: * eval.c (recursive_push): Taint internal hash to prevent unexpected SecurityError; fixes #1864. Modified files: branches/ruby_1_8/ChangeLog branches/ruby_1_8/eval.c Index: ruby_1_8/ChangeLog =================================================================== --- ruby_1_8/ChangeLog (revision 26276) +++ ruby_1_8/ChangeLog (revision 26277) @@ -1,3 +1,8 @@ +Mon Jan 11 03:04:12 2010 Akinori MUSHA <knu@i...> + + * eval.c (recursive_push): Taint internal hash to prevent + unexpected SecurityError; fixes #1864. + Sun Jan 10 17:25:24 2010 Nobuyoshi Nakada <nobu@r...> * lib/webrick/accesslog.rb : Escape needed. Index: ruby_1_8/eval.c =================================================================== --- ruby_1_8/eval.c (revision 26276) +++ ruby_1_8/eval.c (revision 26277) @@ -13853,6 +13853,7 @@ sym = ID2SYM(rb_frame_last_func()); if (NIL_P(hash) || TYPE(hash) != T_HASH) { hash = rb_hash_new(); + OBJ_TAINT(hash); rb_thread_local_aset(rb_thread_current(), recursive_key, hash); list = Qnil; } @@ -13861,6 +13862,7 @@ } if (NIL_P(list) || TYPE(list) != T_HASH) { list = rb_hash_new(); + OBJ_TAINT(list); rb_hash_aset(hash, sym, list); } rb_hash_aset(list, obj, Qtrue); -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/