diff options
| -rw-r--r-- | ChangeLog | 10 | ||||
| -rw-r--r-- | intern.h | 1 | ||||
| -rw-r--r-- | parse.y | 11 | ||||
| -rw-r--r-- | string.c | 8 |
4 files changed, 25 insertions, 5 deletions
@@ -1,3 +1,13 @@ +Thu Sep 14 16:11:15 2006 Yukihiro Matsumoto <matz@ruby-lang.org> + + * string.c (rb_str_intern): raise SecurityError only when $SAFE + level is greater than zero. [ruby-core:08862] + + * parse.y (rb_interned_p): new function to check if a string is + already interned. + + * string.c (str_to_id): use rb_str_intern(). + Thu Sep 14 14:37:45 2006 Tanaka Akira <akr@fsij.org> * ext/digest/lib/digest.rb (Digest::Base.file): new method. @@ -400,6 +400,7 @@ int rb_is_class_id(ID); int rb_is_local_id(ID); int rb_is_junk_id(ID); int rb_symname_p(const char*); +int rb_sym_interned_p(VALUE); VALUE rb_backref_get(void); void rb_backref_set(VALUE); VALUE rb_lastline_get(void); @@ -8381,6 +8381,17 @@ rb_symname_p(const char *name) return *m ? Qfalse : Qtrue; } +int +rb_sym_interned_p(str) + VALUE str; +{ + ID id; + + if (st_lookup(global_symbols.sym_id, (st_data_t)str, (st_data_t *)&id)) + return Qtrue; + return Qfalse; +} + ID rb_intern2(const char *name, long len) { @@ -4151,7 +4151,7 @@ rb_str_intern(VALUE s) if (!RSTRING_PTR(str) || RSTRING_LEN(str) == 0) { rb_raise(rb_eArgError, "interning empty string"); } - if (OBJ_TAINTED(str)) { + if (OBJ_TAINTED(str) && rb_safe_level() >= 1 && !rb_sym_interned_p(str)) { rb_raise(rb_eSecurityError, "Insecure: can't intern tainted string"); } id = rb_intern2(RSTRING_PTR(str), RSTRING_LEN(str)); @@ -4556,10 +4556,8 @@ sym_to_proc(VALUE sym) static ID str_to_id(VALUE str) { - if (!RSTRING_PTR(str) || RSTRING_LEN(str) == 0) { - rb_raise(rb_eArgError, "empty symbol string"); - } - return rb_intern2(RSTRING_PTR(str), RSTRING_LEN(str)); + VALUE sym = rb_str_intern(str); + return SYM2ID(sym); } ID |