Do not always taint the result of File#path

The result should only be tainted if the path given to the method was tainted. The code to always taint the result was added in a4934a42cbb84b6679912226581c71b435671f55 (svn revision 4892) in 2003 by matz. However, the change wasn't mentioned in the commit message, and it may have been committed by accident. Skip part of a readline test that uses Reline. Reline in general would pass the test, but Reline's test mode doesn't raise a SecurityError if passing a tainted prompt and $SAFE >= 1. This was hidden earlier because File#path was always returning a tainted string. Fixes [Bug #14485]
author: Jeremy Evans <code@jeremyevans.net> 2019-06-20 11:50:22 -0700
committer: Jeremy Evans <code@jeremyevans.net> 2019-07-30 11:55:59 -0700
commit: a50bc9f3c8e0696ede25305c03eadecc543b863b (patch)
tree: e3e1e6086bdff4812d98e62b86df434e8cdcea23 /test/readline
parent: ceb9e276b934a8a63299b0b96d2c430c9854de7f (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/test/readline/test_readline.rb b/test/readline/test_readline.rb
index e040ac53c3..e71d329973 100644
--- a/test/readline/test_readline.rb
+++ b/test/readline/test_readline.rb
@@ -41,6 +41,11 @@ module BasetestReadline
       assert_equal("> ", stdout.read(2))
       assert_equal(1, Readline::HISTORY.length)
       assert_equal("hello", Readline::HISTORY[0])
+
+      # Work around lack of SecurityError in Reline
+      # test mode with tainted prompt
+      return if kind_of?(TestRelineAsReadline)
+
       Thread.start {
         $SAFE = 1
         assert_raise(SecurityError) do
author	Jeremy Evans <code@jeremyevans.net>	2019-06-20 11:50:22 -0700
committer	Jeremy Evans <code@jeremyevans.net>	2019-07-30 11:55:59 -0700
commit	a50bc9f3c8e0696ede25305c03eadecc543b863b (patch)
tree	e3e1e6086bdff4812d98e62b86df434e8cdcea23 /test/readline
parent	ceb9e276b934a8a63299b0b96d2c430c9854de7f (diff)