
ruby-changes:25537

From: nobu <ko1@a...>
Date: Fri, 9 Nov 2012 23:33:22 +0900 (JST)
Subject: [ruby-changes:25537] nobu:r37594 (trunk): erb.rb: safe concurrent use

nobu	2012-11-09 23:33:11 +0900 (Fri, 09 Nov 2012)

  New Revision: 37594

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=37594

  Log:
    erb.rb: safe concurrent use
    
    * lib/erb.rb (ERB#run, ERB#result): eval under isolated bindings for
      safe concurrent use.  [ruby-core:47638] [Bug #7046]

  Modified files:
    trunk/ChangeLog
    trunk/lib/erb.rb
    trunk/test/erb/test_erb.rb

Index: ChangeLog
===================================================================
--- ChangeLog	(revision 37593)
+++ ChangeLog	(revision 37594)
@@ -1,3 +1,8 @@
+Fri Nov  9 23:33:05 2012  Nobuyoshi Nakada  <nobu@r...>
+
+	* lib/erb.rb (ERB#run, ERB#result): eval under isolated bindings for
+	  safe concurrent use.  [ruby-core:47638] [Bug #7046]
+
 Fri Nov  9 23:05:06 2012  Nobuyoshi Nakada  <nobu@r...>
 
 	* random.c (BYTE_ORDER): define using configured WORDS_BIGENDIAN.
Index: lib/erb.rb
===================================================================
--- lib/erb.rb	(revision 37593)
+++ lib/erb.rb	(revision 37594)
@@ -1,3 +1,4 @@
+# -*- coding: us-ascii -*-
 # = ERB -- Ruby Templating
 #
 # Author:: Masatoshi SEKI
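Review bot: the added `# -*- coding: us-ascii -*-` line at the top of lib/erb.rb is not mentioned in the log message, which only describes the binding change in ERB#run and ERB#result. Either note the encoding comment in the ChangeLog entry or commit it separately, so the history for the concurrency fix stays easy to bisect.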
@@ -818,7 +819,7 @@
   end
 
   # Generate results and print them. (see ERB#result)
-  def run(b=TOPLEVEL_BINDING)
+  def run(b=new_toplevel)
     print self.result(b)
   end
 
@@ -830,7 +831,7 @@
   # _b_ accepts a Binding or Proc object which is used to set the context of
   # code evaluation.
   #
-  def result(b=TOPLEVEL_BINDING)
+  def result(b=new_toplevel)
     if @safe_level
       proc {
         $SAFE = @safe_level
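Review bot: the rdoc lines shown above `result` describe _b_ only as "a Binding or Proc object" and do not say what happens when it is omitted, which is exactly what this change alters. Add a sentence stating that the default is now a fresh copy of TOPLEVEL_BINDING for each call, since callers who depended on successive `result` calls sharing the one top-level binding may see different behaviour.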
@@ -841,6 +842,12 @@
     end
   end
 
+  def new_toplevel
+    # New binding each time *near* toplevel for unspecified runs
+    TOPLEVEL_BINDING.dup
+  end
+  private :new_toplevel
+
   # Define _methodname_ as instance method of _mod_ from compiled ruby source.
   #
   # example:
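Review bot: the comment in `new_toplevel` ("*near* toplevel") does not say what `TOPLEVEL_BINDING.dup` actually isolates. The new test depends on a local defined through TOPLEVEL_BINDING still being visible through the copy, so part of the state is clearly shared; spell out in the comment which state is per call and which is still shared with the top level, because "safe concurrent use" in the log rests entirely on that distinction.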
Index: test/erb/test_erb.rb
===================================================================
--- test/erb/test_erb.rb	(revision 37593)
+++ test/erb/test_erb.rb	(revision 37594)
@@ -1,3 +1,4 @@
+# -*- coding: us-ascii -*-
 require 'test/unit'
 require 'erb'
 
@@ -44,11 +45,20 @@
 
     assert_equal("", ERB::Util.html_escape(""))
     assert_equal("abc", ERB::Util.html_escape("abc"))
-    assert_equal("&lt;&lt;", ERB::Util.html_escape("<<"))
+    assert_equal("&lt;&lt;", ERB::Util.html_escape("<\<"))
 
     assert_equal("", ERB::Util.html_escape(nil))
     assert_equal("123", ERB::Util.html_escape(123))
   end
+
+  def test_concurrent_default_binding
+    template1 = 'one <%= ERB.new(template2).result %>'
+
+    eval 'template2 = "two"', TOPLEVEL_BINDING
+
+    bug7046 = '[ruby-core:47638]'
+    assert_equal("one two", ERB.new(template1).result, bug7046)
+  end
 end
 
 class TestERBCore < Test::Unit::TestCase
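Review bot: `test_concurrent_default_binding` is named for concurrency but only runs a nested `ERB.new(template2).result` on one thread, and its `eval 'template2 = "two"', TOPLEVEL_BINDING` leaves a local behind in the real top-level binding for every test that runs afterwards. Consider renaming it to describe the nested case, adding an assertion that a variable assigned inside one template is not visible to the next default-binding run, and using a less collision-prone variable name. The change of `"<<"` to `"<\<"` in the html_escape assertion is unrelated to this fix and would be better explained or committed on its own.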

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
