ruby-changes:58725
From: Hiroshi <ko1@a...>
Date: Tue, 12 Nov 2019 08:04:39 +0900 (JST)
Subject: [ruby-changes:58725] d9978ce5d3 (master): Use untaint for File.symlink in kernel_require.rb
https://git.ruby-lang.org/ruby.git/commit/?id=d9978ce5d3 From d9978ce5d397866afae536db2aa708af3b7a4b2f Mon Sep 17 00:00:00 2001 From: Hiroshi SHIBATA <hsbt@r...> Date: Tue, 12 Nov 2019 08:03:26 +0900 Subject: Use untaint for File.symlink in kernel_require.rb Partly reverted 7d463e360b9c4718b17378eb52783116a01b884b diff --git a/lib/rubygems/core_ext/kernel_require.rb b/lib/rubygems/core_ext/kernel_require.rb index 944bb93..ae0254b 100644 --- a/lib/rubygems/core_ext/kernel_require.rb +++ b/lib/rubygems/core_ext/kernel_require.rb @@ -41,7 +41,10 @@ module Kernel https://github.com/ruby/ruby/blob/trunk/lib/rubygems/core_ext/kernel_require.rb#L41 resolved_path = begin rp = nil $LOAD_PATH[0...Gem.load_path_insert_index || -1].each do |lp| - safe_lp = lp.dup.tap(&Gem::UNTAINT) + # TODO: + # for test_require.rb of ruby core test suite + # We should use Gem::UNTAINT after https://bugs.ruby-lang.org/issues/16131 + safe_lp = lp.dup.untaint begin if File.symlink? safe_lp # for backword compatibility next -- cgit v0.10.2 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
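Review bot: The TODO comment added above `safe_lp = lp.dup.untaint` names test_require.rb and issue 16131, but it does not say what fails when `Gem::UNTAINT` is used or what has to land in that issue before the original line can come back, so a later reader cannot tell when the workaround is safe to remove. State the failing condition in the comment itself and fold the empty `# TODO:` line into a single sentence. The direct `.untaint` call also bypasses whatever indirection `Gem::UNTAINT` provided for this load-path entry, and since the message describes only a partial revert, it is worth confirming that this call behaves the same on every Ruby version this file is expected to run on and recording that in the commit message.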