diff options
| author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-10-31 04:39:57 +0000 |
|---|---|---|
| committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-10-31 04:39:57 +0000 |
| commit | e5d713b271f6a5600cb386a572d3da1afc29f366 (patch) | |
| tree | 4bef05f86bbd46979505126a722c2e8669cdfece | |
| parent | af5f205a82260c668ba97317732a7a293aaaa72f (diff) | |
* dir.c (dir_globs): need taint check. reported by steve
<oksteev at gmail.com>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@20072 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | dir.c | 2 |
2 files changed, 6 insertions, 1 deletions
@@ -1,3 +1,8 @@ +Fri Oct 31 12:51:25 2008 Yukihiro Matsumoto <matz@ruby-lang.org> + + * dir.c (dir_globs): need taint check. reported by steve + <oksteev at gmail.com> + Wed Oct 29 11:50:57 2008 Nobuyoshi Nakada <nobu@ruby-lang.org> * configure.in (dln-a-out): cannot make shared library nor work with @@ -1660,7 +1660,7 @@ dir_globs(argc, argv, flags) for (i = 0; i < argc; ++i) { int status; VALUE str = argv[i]; - StringValue(str); + SafeStringValue(str); status = push_glob(ary, RSTRING(str)->ptr, flags); if (status) GLOB_JUMP_TAG(status); } |