diff options
author | nagachika <nagachika@ruby-lang.org> | 2021-04-05 20:35:34 +0900 |
---|---|---|
committer | nagachika <nagachika@ruby-lang.org> | 2021-04-05 20:48:25 +0900 |
commit | 59cfa0b1346067e36ae11fc6c317693ce4b9833a (patch) | |
tree | 021b265720b501f26e9b134289949d4f04abfe48 | |
parent | b59e5a64be40b93370afbb0accfcb73c4d682045 (diff) |
Backport a tmpdir fix.
Remove other then alphanumeric and some punctuations considered
filesystem-safe, instead of removing some unsafe chars only.
-rw-r--r-- | lib/tmpdir.rb | 2 | ||||
-rw-r--r-- | test/test_tmpdir.rb | 4 | ||||
-rw-r--r-- | version.h | 2 |
3 files changed, 6 insertions, 2 deletions
diff --git a/lib/tmpdir.rb b/lib/tmpdir.rb index 1bbf7ea46a..5e42e8e302 100644 --- a/lib/tmpdir.rb +++ b/lib/tmpdir.rb @@ -108,7 +108,7 @@ class Dir Dir.tmpdir end - UNUSABLE_CHARS = [File::SEPARATOR, File::ALT_SEPARATOR, File::PATH_SEPARATOR, ":"].uniq.join("").freeze + UNUSABLE_CHARS = "^,-.0-9A-Z_a-z~" def create(basename, tmpdir=nil, max_try: nil, **opts) origdir = tmpdir diff --git a/test/test_tmpdir.rb b/test/test_tmpdir.rb index 50583b5ce1..ea2cc123c1 100644 --- a/test/test_tmpdir.rb +++ b/test/test_tmpdir.rb @@ -86,6 +86,10 @@ class TestTmpdir < Test::Unit::TestCase traversal_path = Array.new(target.count('/')-2, '..').join('/') + traversal_path actual = yield traversal_path assert_not_send([File.absolute_path(actual), :start_with?, target]) + [File::SEPARATOR, File::ALT_SEPARATOR].compact.each do |separator| + actual = yield traversal_path.tr('/', separator) + assert_not_send([File.absolute_path(actual), :start_with?, target]) + end end end end @@ -2,7 +2,7 @@ # define RUBY_VERSION_MINOR RUBY_API_VERSION_MINOR #define RUBY_VERSION_TEENY 3 #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR -#define RUBY_PATCHLEVEL 181 +#define RUBY_PATCHLEVEL 182 #define RUBY_RELEASE_YEAR 2021 #define RUBY_RELEASE_MONTH 4 |