Make usable chars more strict

Remove other than alphanumeric and some punctuations considered filesystem-safe, instead of removing some unsafe chars only. https://hackerone.com/reports/1131465
author: Nobuyoshi Nakada <nobu@ruby-lang.org> 2021-04-01 01:17:45 +0900
committer: NARUSE, Yui <naruse@airemix.jp> 2021-04-05 20:06:22 +0900
commit: 3b97a6496f35efbc6aef9aef2bd1fe87e6b5d158 (patch)
tree: e79fd03430a8df653037c229a3e33e0ff84a1305 /test
parent: 0d8c9a7fe77d8e49b9ca0c5d59754eca36a97958 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/test/test_tmpdir.rb b/test/test_tmpdir.rb
index c56fd5f401..7ef9f59b54 100644
--- a/test/test_tmpdir.rb
+++ b/test/test_tmpdir.rb
@@ -97,8 +97,10 @@ class TestTmpdir < Test::Unit::TestCase
       target = target.chomp('/') + '/'
       traversal_path = target.sub(/\A\w:/, '') # for DOSISH
       traversal_path = Array.new(target.count('/')-2, '..').join('/') + traversal_path
-      actual = yield traversal_path
-      assert_not_send([File.absolute_path(actual), :start_with?, target])
+      [File::SEPARATOR, File::ALT_SEPARATOR].compact.each do |separator|
+        actual = yield traversal_path.tr('/', separator)
+        assert_not_send([File.absolute_path(actual), :start_with?, target])
+      end
     end
   end
 end
author	Nobuyoshi Nakada <nobu@ruby-lang.org>	2021-04-01 01:17:45 +0900
committer	NARUSE, Yui <naruse@airemix.jp>	2021-04-05 20:06:22 +0900
commit	3b97a6496f35efbc6aef9aef2bd1fe87e6b5d158 (patch)
tree	e79fd03430a8df653037c229a3e33e0ff84a1305 /test
parent	0d8c9a7fe77d8e49b9ca0c5d59754eca36a97958 (diff)