ruby-changes:15969
From: shyouhei <ko1@a...>
Date: Thu, 20 May 2010 15:57:49 +0900 (JST)
Subject: [ruby-changes:15969] Ruby:r27914 (ruby_1_8_7): merge revision(s) 26277:
shyouhei 2010-05-20 15:57:38 +0900 (Thu, 20 May 2010) New Revision: 27914 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=27914 Log: merge revision(s) 26277: * eval.c (recursive_push): Taint internal hash to prevent unexpected SecurityError; fixes #1864. Modified files: branches/ruby_1_8_7/ChangeLog branches/ruby_1_8_7/eval.c branches/ruby_1_8_7/version.h Index: ruby_1_8_7/ChangeLog =================================================================== --- ruby_1_8_7/ChangeLog (revision 27913) +++ ruby_1_8_7/ChangeLog (revision 27914) @@ -1,3 +1,8 @@ +Thu May 20 15:54:08 2010 Akinori MUSHA <knu@i...> + + * eval.c (recursive_push): Taint internal hash to prevent + unexpected SecurityError; fixes #1864. + Thu May 20 15:39:26 2010 Nobuyoshi Nakada <nobu@r...> * io.c (io_fwrite): preserve errno. [ruby-core:27425] Index: ruby_1_8_7/version.h =================================================================== --- ruby_1_8_7/version.h (revision 27913) +++ ruby_1_8_7/version.h (revision 27914) @@ -2,7 +2,7 @@ #define RUBY_RELEASE_DATE "2010-05-20" #define RUBY_VERSION_CODE 187 #define RUBY_RELEASE_CODE 20100520 -#define RUBY_PATCHLEVEL 255 +#define RUBY_PATCHLEVEL 256 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 8 Index: ruby_1_8_7/eval.c =================================================================== --- ruby_1_8_7/eval.c (revision 27913) +++ ruby_1_8_7/eval.c (revision 27914) @@ -13566,6 +13566,7 @@ sym = ID2SYM(rb_frame_last_func()); if (NIL_P(hash) || TYPE(hash) != T_HASH) { hash = rb_hash_new(); + OBJ_TAINT(hash); rb_thread_local_aset(rb_thread_current(), recursive_key, hash); list = Qnil; } @@ -13574,6 +13575,7 @@ } if (NIL_P(list) || TYPE(list) != T_HASH) { list = rb_hash_new(); + OBJ_TAINT(list); rb_hash_aset(hash, sym, list); } rb_hash_aset(list, obj, Qtrue); -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/