From dbe8e9c578f42495872155afd8ea81c74814524f Mon Sep 17 00:00:00 2001 From: usa Date: Sat, 9 Sep 2017 13:42:22 +0000 Subject: merge revision(s) 59584: [Backport #13850] REXML: Fix a bug that unexpected methods can be called as a XPath function [HackerOne:249295] Reported by Andrea Jegher. Thanks!!! git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59796 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- lib/rexml/functions.rb | 29 ++++++++++++++++++++++++++--- test/rexml/test_functions.rb | 13 +++++++++++++ version.h | 2 +- 3 files changed, 40 insertions(+), 4 deletions(-) diff --git a/lib/rexml/functions.rb b/lib/rexml/functions.rb index ee73b28881..8e2abca811 100644 --- a/lib/rexml/functions.rb +++ b/lib/rexml/functions.rb @@ -8,10 +8,28 @@ module REXML # Therefore, in XML, "local-name()" is identical (and actually becomes) # "local_name()" module Functions + @@available_functions = {} @@context = nil @@namespace_context = {} @@variables = {} + INTERNAL_METHODS = [ + :namespace_context, + :namespace_context=, + :variables, + :variables=, + :context=, + :get_namespace, + :send, + ] + class << self + def singleton_method_added(name) + unless INTERNAL_METHODS.include?(name) + @@available_functions[name] = true + end + end + end + def Functions::namespace_context=(x) ; @@namespace_context=x ; end def Functions::variables=(x) ; @@variables=x ; end def Functions::namespace_context ; @@namespace_context ; end @@ -387,9 +405,14 @@ module REXML node.node_type == :processing_instruction end - def Functions::method_missing( id ) - puts "METHOD MISSING #{id.id2name}" - XPath.match( @@context[:node], id.id2name ) + def Functions::send(name, *args) + if @@available_functions[name.to_sym] + super + else + # TODO: Maybe, this is not XPath spec behavior. + # This behavior must be reconsidered. + XPath.match(@@context[:node], name.to_s) + end end end end diff --git a/test/rexml/test_functions.rb b/test/rexml/test_functions.rb index 5ac823dd8f..a77be38cc1 100644 --- a/test/rexml/test_functions.rb +++ b/test/rexml/test_functions.rb @@ -221,5 +221,18 @@ module REXMLTests m = REXML::XPath.match(doc, "//comment()[#{predicate}]") assert_equal( [REXML::Comment.new("COMMENT A")], m ) end + + def test_unregistered_method + doc = Document.new("") + assert_nil(XPath::first(doc.root, "to_s()")) + end + + def test_nonexistent_function + doc = Document.new("") + # TODO: Maybe, this is not XPath spec behavior. + # This behavior must be reconsidered. + assert_equal(doc.root.elements[1], + XPath::first(doc.root, "nonexistent()")) + end end end diff --git a/version.h b/version.h index ff3154d7e3..b174200ca5 100644 --- a/version.h +++ b/version.h @@ -1,6 +1,6 @@ #define RUBY_VERSION "2.3.5" #define RUBY_RELEASE_DATE "2017-09-09" -#define RUBY_PATCHLEVEL 364 +#define RUBY_PATCHLEVEL 365 #define RUBY_RELEASE_YEAR 2017 #define RUBY_RELEASE_MONTH 9 -- cgit v1.2.3