merge revision(s) 26277:

* eval.c (recursive_push): Taint internal hash to prevent unexpected SecurityError; fixes #1864. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@27914 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2010-05-20 06:57:38 +0000
committer: shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2010-05-20 06:57:38 +0000
commit: a6d4e18284842ec93e91aed228392d51dd1ac966 (patch)
tree: d4ed3323b1b090d6e1c62b4a30ab496cec09f553 /eval.c
parent: 5988c787496e104d3552be02841c416f6006f4b6 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/eval.c b/eval.c
index 55dbb8c254..a4f488f06b 100644
--- a/eval.c
+++ b/eval.c
@@ -13566,6 +13566,7 @@ recursive_push(hash, obj)
     sym = ID2SYM(rb_frame_last_func());
     if (NIL_P(hash) || TYPE(hash) != T_HASH) {
 	hash = rb_hash_new();
+	OBJ_TAINT(hash);
 	rb_thread_local_aset(rb_thread_current(), recursive_key, hash);
 	list = Qnil;
     }
@@ -13574,6 +13575,7 @@ recursive_push(hash, obj)
     }
     if (NIL_P(list) || TYPE(list) != T_HASH) {
 	list = rb_hash_new();
+	OBJ_TAINT(list);
 	rb_hash_aset(hash, sym, list);
     }
     rb_hash_aset(list, obj, Qtrue);
author	shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2010-05-20 06:57:38 +0000
committer	shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2010-05-20 06:57:38 +0000
commit	a6d4e18284842ec93e91aed228392d51dd1ac966 (patch)
tree	d4ed3323b1b090d6e1c62b4a30ab496cec09f553 /eval.c
parent	5988c787496e104d3552be02841c416f6006f4b6 (diff)