* eval.c (rb_f_eval): can't modify untainted binding.

* regex.c (re_compile_pattern): should preverve p0 value. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_6@1802 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2001-10-30 08:42:21 +0000
committer: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2001-10-30 08:42:21 +0000
commit: 3ee749b1736ca72ba20fc30f759fa119a750a4c6 (patch)
tree: d75571b4eae4fcfdca76de46afdc66dc8832cbf5 /eval.c
parent: 35b21a12c03765244d32b6400a100124f35df091 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/eval.c b/eval.c
index a8773e181a..a006f3444d 100644
--- a/eval.c
+++ b/eval.c
@@ -4961,6 +4961,9 @@ rb_f_eval(argc, argv, self)
 
     if (ruby_safe_level >= 4) {
 	Check_Type(src, T_STRING);
+	if (!NIL_P(scope) && !OBJ_TAINTED(scope)) {
+	    rb_raise(rb_eSecurityError, "Insecure: can't modify trusted binding");
+	}
     }
     else {
 	Check_SafeStr(src);
author	matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2001-10-30 08:42:21 +0000
committer	matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2001-10-30 08:42:21 +0000
commit	3ee749b1736ca72ba20fc30f759fa119a750a4c6 (patch)
tree	d75571b4eae4fcfdca76de46afdc66dc8832cbf5 /eval.c
parent	35b21a12c03765244d32b6400a100124f35df091 (diff)