diff options
author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-10-31 04:40:34 +0000 |
---|---|---|
committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-10-31 04:40:34 +0000 |
commit | ec280ecbe658035d8c9affa6ca46e13a255c0cbe (patch) | |
tree | 93a315c92a2103f38e984c086963bc7678e4c6bb | |
parent | 5eacf68c2a918e245625aeac66e7895635662d30 (diff) |
* dir.c (dir_globs): need taint check. reported by steve
<oksteev at gmail.com>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@20074 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | dir.c | 2 |
2 files changed, 6 insertions, 1 deletions
@@ -1,3 +1,8 @@ +Fri Oct 31 12:51:25 2008 Yukihiro Matsumoto <matz@ruby-lang.org> + + * dir.c (dir_globs): need taint check. reported by steve + <oksteev at gmail.com> + Fri Oct 31 12:42:45 2008 wanabe <s.wanabe@gmail.com> * array.c (rb_ary_decrement_share): fix to work recycling @@ -1571,7 +1571,7 @@ dir_globs(long argc, VALUE *argv, int flags) for (i = 0; i < argc; ++i) { int status; VALUE str = argv[i]; - StringValue(str); + SafeStringValue(str); status = push_glob(ary, str, flags); if (status) GLOB_JUMP_TAG(status); } |