| Field | Value | Date |
|---|---|---|
| author | Nobuyoshi Nakada <nobu@ruby-lang.org> | 2021-04-01 01:17:45 +0900 |
| committer | NARUSE, Yui <naruse@airemix.jp> | 2021-04-05 20:06:22 +0900 |
| commit | 3b97a6496f35efbc6aef9aef2bd1fe87e6b5d158 | |
| tree | e79fd03430a8df653037c229a3e33e0ff84a1305 /lib | |
| parent | 0d8c9a7fe77d8e49b9ca0c5d59754eca36a97958 | |

Make usable chars more strict

Remove other than alphanumeric and some punctuations considered
filesystem-safe, instead of removing some unsafe chars only.

https://hackerone.com/reports/1131465

Diffstat (limited to 'lib')
-rw-r--r-- | lib/tmpdir.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/tmpdir.rb b/lib/tmpdir.rb index 0b1f00aecf..bf7db5282a 100644 --- a/lib/tmpdir.rb +++ b/lib/tmpdir.rb @@ -115,7 +115,7 @@ class Dir Dir.tmpdir end - UNUSABLE_CHARS = [File::SEPARATOR, File::ALT_SEPARATOR, File::PATH_SEPARATOR, ":"].uniq.join("").freeze + UNUSABLE_CHARS = "^,-.0-9A-Z_a-z~" class << (RANDOM = Random.new) MAX = 36**6 # < 0x100000000 |
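
Review bot: The new value on the `+ UNUSABLE_CHARS` line begins with `^`, so the constant now holds a negated allow-list under a name that still says "unusable", and nothing on the line documents how the string is meant to be parsed. If it is consumed as a character-selector spec, as the leading `^` suggests, then `,-.` is a range covering `,`, `-` and `.`, and a later edit that reorders or appends characters could silently change which characters survive. A short comment above the constant stating that `^` negates the set and listing the characters kept (`,`, `-`, `.`, digits, ASCII letters, `_`, `~`) would make the intent reviewable; renaming the constant would be clearer still if nothing outside this file depends on it. The replacement also drops the `.freeze` that the removed line had: unless the file enables `frozen_string_literal`, which is not visible in this hunk, keep the constant frozen so the filter cannot be mutated at runtime.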