ruby.git/lib/erb.rb, branch v3_0_4 The Ruby Programming Language Warn on access/modify of $SAFE, and remove effects of modifying $SAFE 2019-11-17T23:00:25+00:00 Jeremy Evans code@jeremyevans.net 2019-09-21T02:06:22+00:00 c5c05460ac20abcbc0ed686eb4acf06da7a39a79 This removes the security features added by $SAFE = 1, and warns for access or modification of $SAFE from Ruby-level, as well as warning when calling all public C functions related to $SAFE. This modifies some internal functions that took a safe level argument to no longer take the argument. rb_require_safe now warns, rb_require_string has been added as a version that takes a VALUE and does not warn. One public C function that still takes a safe level argument and that this doesn't warn for is rb_eval_cmd. We may want to consider adding an alternative method that does not take a safe level argument, and warn for rb_eval_cmd. 
This removes the security features added by $SAFE = 1, and warns for access
or modification of $SAFE from Ruby-level, as well as warning when calling
all public C functions related to $SAFE.

This modifies some internal functions that took a safe level argument
to no longer take the argument.

rb_require_safe now warns, rb_require_string has been added as a
version that takes a VALUE and does not warn.

One public C function that still takes a safe level argument and that
this doesn't warn for is rb_eval_cmd.  We may want to consider
adding an alternative method that does not take a safe level argument,
and warn for rb_eval_cmd.
Update ERB docs 2019-10-26T17:24:20+00:00 zverok zverok.offline@gmail.com 2019-10-26T06:34:14+00:00 f6f1377a4ec187579a7dd0249be1166b42bf668b * Actualize Notes about other templating engines; * Document #location= method. 
* Actualize Notes about other templating engines;
* Document #location= method.
erb.rb: prohibit marshaling [EXPERIMENTAL] 2019-03-28T03:46:48+00:00 nobu nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2019-03-28T03:46:48+00:00 b3507bf147ff47e331da36ba7c8e6b700c513633 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67356 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67356 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
erb.rb: increase warn level only when non-zero safe_level 2018-12-29T07:26:22+00:00 k0kubun k0kubun@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-12-29T07:26:22+00:00 1ae3e6f3ce9f16c49d0584e0ad3dc3e709cc4a81 is given. This is merging Eric's patch in [Bug #15479] to Ruby 2.6's behavior in r66631. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66632 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
is given.

This is merging Eric's patch in [Bug #15479] to Ruby 2.6's behavior in r66631.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66632 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Revert "erb.rb: print deprecation warning with warn level 1" 2018-12-29T07:11:38+00:00 k0kubun k0kubun@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-12-29T07:11:38+00:00 c02f03609036ba4e815c2ed67fa002492b39dda9 This reverts commit b5569b9ab2ad5e0e4a997df7eb73e97ecbacc9dd. The deprecation is indefinitely postponed. [Bug #15478] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66631 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
This reverts commit b5569b9ab2ad5e0e4a997df7eb73e97ecbacc9dd.

The deprecation is indefinitely postponed.

[Bug #15478]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66631 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
erb.rb: print deprecation warning with warn level 1 2018-12-25T13:57:28+00:00 k0kubun k0kubun@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-12-25T13:57:28+00:00 b5569b9ab2ad5e0e4a997df7eb73e97ecbacc9dd This was planned to be removed in Ruby 2.7 at first, but I changed my mind to just keep warning it in Ruby 2.7. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66556 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
This was planned to be removed in Ruby 2.7 at first, but I changed my
mind to just keep warning it in Ruby 2.7.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66556 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
erb.rb: warn invalid trim_mode [Misc #15294] 2018-11-12T00:37:15+00:00 k0kubun k0kubun@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-11-12T00:37:15+00:00 ab5a3db48e446a33f790fa5e8594a6dc24062987 From: Justin Collins <justin@presidentbeef.com> git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65671 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
From: Justin Collins <justin@presidentbeef.com>

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65671 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
erb.rb: relax warn level of ERB.new 2018-02-28T12:12:20+00:00 k0kubun k0kubun@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-02-28T12:12:20+00:00 e4e65671f9d27137ff913054f2aeedd222e82e8b I changed my mind and thought branching ERB.new in all libraries is too hard. Code becomes too ugly. I increased the warn level to 2, and the old initializer will be removed when Ruby 2.5 becomes EOL. -S option of erb(1) stays in the same policy: will be removed at Ruby 2.7. NEWS: note about the direction git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62612 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
I changed my mind and thought branching ERB.new in all libraries is too
hard. Code becomes too ugly. I increased the warn level to 2, and the
old initializer will be removed when Ruby 2.5 becomes EOL.
-S option of erb(1) stays in the same policy: will be removed at Ruby 2.7.

NEWS: note about the direction

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62612 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
lib/erb.rb: Add uplevel to warn 2018-02-24T08:54:19+00:00 kazu kazu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-02-24T08:54:19+00:00 8b9a3eaba6c6af525974f7f41025d3371918931d git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62563 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62563 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
erb.rb: deprecate safe_level of ERB.new 2018-02-22T13:28:25+00:00 k0kubun k0kubun@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-02-22T13:28:25+00:00 cc777d09f44fa909a336ba14f3aa802ffe16e010 Also, as it's in the middle of the list of 4 arguments, 3rd and 4th arguments (trim_mode, eoutvar) are changed to keyword arguments. Old ways to specify arguments are deprecated and warned now. bin/erb: deprecate -S option. We'll remove all of deprecated ones at Ruby 2.7+. enc/make_encmake.rb: stopped using deprecated interface ext/etc/mkconstants.rb: ditto ext/socket/mkconstants.rb: ditto sample/ripper/ruby2html.rb: ditto spec/ruby/library/erb/defmethod/def_erb_method_spec.rb: ditto spec/ruby/library/erb/new_spec.rb: ditto test/erb/test_erb.rb: ditto test/erb/test_erb_command.rb: ditto tool/generic_erb.rb: ditto tool/ruby_vm/helpers/dumper.rb: ditto tool/transcode-tblgen.rb: ditto lib/rdoc/erbio.rb: ditto lib/rdoc/generator/darkfish.rb: ditto [Feature #14256] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62529 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
Also, as it's in the middle of the list of 4 arguments, 3rd and 4th arguments
(trim_mode, eoutvar) are changed to keyword arguments.
Old ways to specify arguments are deprecated and warned now.

bin/erb: deprecate -S option.

We'll remove all of deprecated ones at Ruby 2.7+.

enc/make_encmake.rb: stopped using deprecated interface
ext/etc/mkconstants.rb: ditto
ext/socket/mkconstants.rb: ditto
sample/ripper/ruby2html.rb: ditto
spec/ruby/library/erb/defmethod/def_erb_method_spec.rb: ditto
spec/ruby/library/erb/new_spec.rb: ditto
test/erb/test_erb.rb: ditto
test/erb/test_erb_command.rb: ditto
tool/generic_erb.rb: ditto
tool/ruby_vm/helpers/dumper.rb: ditto
tool/transcode-tblgen.rb: ditto
lib/rdoc/erbio.rb: ditto
lib/rdoc/generator/darkfish.rb: ditto

[Feature #14256]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62529 b2dd03c8-39d4-4d8f-98ff-823fe69b080e