diff options
| author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2003-09-12 03:16:31 +0000 |
|---|---|---|
| committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2003-09-12 03:16:31 +0000 |
| commit | fc8e62d0df805059eb73cf4c6dd54db0210db084 (patch) | |
| tree | 05cfac969865445eb7ddd74700ef60350d9a9e89 /eval.c | |
| parent | 20e165a04090a024db4d295d00af6ed1ac67578d (diff) | |
* bignum.c (rb_big_and): convert argument using 'to_int'.
* bignum.c (rb_big_or): ditto.
* bignum.c (rb_big_xor): ditto.
* eval.c (rb_f_require): allow "require" on $SAFE>0, if feature
name is not tainted.
* lib/rexml/parsers/baseparser.rb (REXML::Parsers::BaseParser::stream):
Supports StringIO.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4549 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'eval.c')
| -rw-r--r-- | eval.c | 19 |
1 files changed, 15 insertions, 4 deletions
@@ -133,8 +133,13 @@ rb_secure(level) int level; { if (level <= ruby_safe_level) { - rb_raise(rb_eSecurityError, "Insecure operation `%s' at level %d", - rb_id2name(ruby_frame->last_func), ruby_safe_level); + if (ruby_frame->last_func) { + rb_raise(rb_eSecurityError, "Insecure operation `%s' at level %d", + rb_id2name(ruby_frame->last_func), ruby_safe_level); + } + else { + rb_raise(rb_eSecurityError, "Insecure operation at level %d", ruby_safe_level); + } } } @@ -5923,7 +5928,10 @@ rb_f_require(obj, fname) VALUE feature, tmp; char *ext; /* OK */ - SafeStringValue(fname); + if (OBJ_TAINTED(fname)) { + rb_check_safe_obj(fname); + } + StringValue(fname); ext = strrchr(RSTRING(fname)->ptr, '.'); if (ext && strchr(ext, '/')) ext = 0; if (ext) { @@ -5993,15 +6001,17 @@ load_dyna(feature, fname) VALUE feature, fname; { int state; + volatile int safe = ruby_safe_level; if (rb_feature_p(RSTRING(feature)->ptr, Qfalse)) return Qfalse; rb_provide_feature(feature); { - int volatile old_vmode = scope_vmode; + volatile int old_vmode = scope_vmode; NODE *const volatile old_node = ruby_current_node; const volatile ID old_func = ruby_frame->last_func; + ruby_safe_level = 0; ruby_current_node = 0; ruby_sourcefile = rb_source_filename(RSTRING(fname)->ptr); ruby_sourceline = 0; @@ -6020,6 +6030,7 @@ load_dyna(feature, fname) ruby_frame->last_func = old_func; SCOPE_SET(old_vmode); } + ruby_safe_level = safe; if (state) JUMP_TAG(state); ruby_errinfo = Qnil; |