diff options
Diffstat (limited to 'file.c')
-rw-r--r-- | file.c | 19 |
1 files changed, 15 insertions, 4 deletions
@@ -1062,12 +1062,14 @@ rb_file_s_expand_path(argc, argv) VALUE fname, dname; char *s, *p; char buf[MAXPATHLEN+2]; + int tainted = 0; rb_scan_args(argc, argv, "11", &fname, &dname); s = STR2CSTR(fname); p = buf; if (s[0] == '~') { + tainted = 1; if (isdirsep(s[1]) || s[1] == '\0') { char *dir = getenv("HOME"); @@ -1110,9 +1112,11 @@ rb_file_s_expand_path(argc, argv) else if (!isdirsep(*s)) { if (argc == 2) { dname = rb_file_s_expand_path(1, &dname); + if (OBJ_TAINTED(dname)) tainted = 1; strcpy(buf, RSTRING(dname)->ptr); } else { + tainted = 1; #ifdef HAVE_GETCWD getcwd(buf, MAXPATHLEN); #else @@ -1172,7 +1176,9 @@ rb_file_s_expand_path(argc, argv) if (p == buf || !isdirsep(*p)) p++; *p = '\0'; - return rb_tainted_str_new2(buf); + fname = rb_str_new2(buf); + if (tainted) OBJ_TAINT(fname); + return fname; } static int @@ -1203,7 +1209,7 @@ rb_file_s_basename(argc, argv) int argc; VALUE *argv; { - VALUE fname, fext; + VALUE fname, fext, basename; char *name, *p, *ext; int f; @@ -1224,7 +1230,9 @@ rb_file_s_basename(argc, argv) f = rmext(p, ext); if (f) return rb_str_new(p, f); } - return rb_tainted_str_new2(p); + basename = rb_str_new2(p); + if (OBJ_TAINTED(fname)) OBJ_TAINT(basename); + return basename; } static VALUE @@ -1232,6 +1240,7 @@ rb_file_s_dirname(obj, fname) VALUE obj, fname; { char *name, *p; + VALUE dirname; name = STR2CSTR(fname); p = strrchr(name, '/'); @@ -1240,7 +1249,9 @@ rb_file_s_dirname(obj, fname) } if (p == name) p++; - return rb_tainted_str_new(name, p - name); + dirname = rb_str_new(name, p - name); + if (OBJ_TAINTED(fname)) OBJ_TAINT(dirname); + return dirname; } static VALUE |