* lib/cgi.rb (CGI::Cookie): should handle multiple values for a

  cookie name.  [ruby-talk:156140]

* string.c (rb_str_substr): should propagate taintness even for
  empty strings.  [ruby-dev:27121]

* string.c (rb_str_aref): should infect result if range argument
  is tainted.  [ruby-dev:27121]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9200 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

1 files changed, 9 insertions, 4 deletions

diff --git a/string.c b/string.c
index 206ef70691..ccfda5c8f4 100644
--- a/string.c
+++ b/string.c
@@ -605,9 +605,10 @@ rb_str_substr(str, beg, len)
     if (len < 0) {
 	len = 0;
     }
-    if (len == 0) return rb_str_new5(str,0,0);
-
-    if (len > sizeof(struct RString)/2 &&
+    if (len == 0) {
+	str2 = rb_str_new5(str,0,0);
+    }
+    else if (len > sizeof(struct RString)/2 &&
 	beg + len == RSTRING(str)->len && !FL_TEST(str, STR_ASSOC)) {
 	str2 = rb_str_new3(rb_str_new4(str));
 	RSTRING(str2)->ptr += RSTRING(str2)->len - len;
@@ -1539,13 +1540,17 @@ rb_str_aref(str, indx)
 	/* check if indx is Range */
 	{
 	    long beg, len;
+	    VALUE tmp;
+
 	    switch (rb_range_beg_len(indx, &beg, &len, RSTRING(str)->len, 0)) {
 	      case Qfalse:
 		break;
 	      case Qnil:
 		return Qnil;
 	      default:
-		return rb_str_substr(str, beg, len);
+		tmp = rb_str_substr(str, beg, len);
+		OBJ_INFECT(tmp, indx);
+		return tmp;
 	    }
 	}
 	idx = NUM2LONG(indx);