summaryrefslogtreecommitdiff
path: root/file.c
diff options
context:
space:
mode:
authormatz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2003-03-10 15:05:18 +0000
committermatz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2003-03-10 15:05:18 +0000
commitbb544954b2679d4bd86fa6da6da29171e65e017a (patch)
tree11cb95cc04fbef35876af401f82af0733f7b7fb1 /file.c
parent70b55f2018ba19a0a1b516bd7bf8b112cd7ae5fb (diff)
* file.c (rb_find_file): need world writable directory check for
relative paths too. * file.c (rb_find_file): world writable directory check if $SAFE >= 1 (was $SAFE >= 2). git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@3571 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'file.c')
-rw-r--r--file.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/file.c b/file.c
index 407a76d..b574711 100644
--- a/file.c
+++ b/file.c
@@ -2731,15 +2731,15 @@ rb_find_file(path)
if (f[0] == '~') {
path = rb_file_expand_path(path, Qnil);
- if (rb_safe_level() >= 2 && OBJ_TAINTED(path)) {
- rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
+ if (rb_safe_level() >= 1 && OBJ_TAINTED(path)) {
+ rb_raise(rb_eSecurityError, "loading from unsafe path %s", f);
}
f = StringValuePtr(path);
}
#if defined(__MACOS__) || defined(riscos)
if (is_macos_native_path(f)) {
- if (rb_safe_level() >= 2 && !rb_path_check(f)) {
+ if (rb_safe_level() >= 1 && !rb_path_check(f)) {
rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
}
if (file_load_ok(f)) return path;
@@ -2747,7 +2747,7 @@ rb_find_file(path)
#endif
if (is_absolute_path(f)) {
- if (rb_safe_level() >= 2 && !rb_path_check(f)) {
+ if (rb_safe_level() >= 1 && !rb_path_check(f)) {
rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
}
if (file_load_ok(f)) return path;
@@ -2775,7 +2775,7 @@ rb_find_file(path)
}
else {
lpath = RSTRING(tmp)->ptr;
- if (rb_safe_level() >= 2 && !rb_path_check(lpath)) {
+ if (rb_safe_level() >= 1 && !rb_path_check(lpath)) {
rb_raise(rb_eSecurityError, "loading from unsafe path %s", lpath);
}
}
@@ -2788,6 +2788,9 @@ rb_find_file(path)
return 0; /* no path, no load */
}
f = dln_find_file(f, lpath);
+ if (rb_safe_level() >= 1 && !rb_path_check(f)) {
+ rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
+ }
if (file_load_ok(f)) {
return rb_str_new2(f);
}