From fc8e62d0df805059eb73cf4c6dd54db0210db084 Mon Sep 17 00:00:00 2001
From: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Fri, 12 Sep 2003 03:16:31 +0000
Subject: * bignum.c (rb_big_and): convert argument using 'to_int'.

* bignum.c (rb_big_or): ditto.

* bignum.c (rb_big_xor): ditto.

* eval.c (rb_f_require): allow "require" on $SAFE>0, if feature
  name is not tainted.

* lib/rexml/parsers/baseparser.rb (REXML::Parsers::BaseParser::stream):
  Supports StringIO.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4549 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 eval.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

(limited to 'eval.c')

diff --git a/eval.c b/eval.c
index 435de81487..513af340c8 100644
--- a/eval.c
+++ b/eval.c
@@ -133,8 +133,13 @@ rb_secure(level)
     int level;
 {
     if (level <= ruby_safe_level) {
-	rb_raise(rb_eSecurityError, "Insecure operation `%s' at level %d",
-		 rb_id2name(ruby_frame->last_func), ruby_safe_level);
+	if (ruby_frame->last_func) {
+	    rb_raise(rb_eSecurityError, "Insecure operation `%s' at level %d",
+		     rb_id2name(ruby_frame->last_func), ruby_safe_level);
+	}
+	else {
+	    rb_raise(rb_eSecurityError, "Insecure operation at level %d", ruby_safe_level);
+	}
     }
 }
 
@@ -5923,7 +5928,10 @@ rb_f_require(obj, fname)
     VALUE feature, tmp;
     char *ext; /* OK */
 
-    SafeStringValue(fname);
+    if (OBJ_TAINTED(fname)) {
+	rb_check_safe_obj(fname);
+    }
+    StringValue(fname);
     ext = strrchr(RSTRING(fname)->ptr, '.');
     if (ext && strchr(ext, '/')) ext = 0;
     if (ext) {
@@ -5993,15 +6001,17 @@ load_dyna(feature, fname)
     VALUE feature, fname;
 {
     int state;
+    volatile int safe = ruby_safe_level;
 
     if (rb_feature_p(RSTRING(feature)->ptr, Qfalse))
 	return Qfalse;
     rb_provide_feature(feature);
     {
-	int volatile old_vmode = scope_vmode;
+	volatile int old_vmode = scope_vmode;
 	NODE *const volatile old_node = ruby_current_node;
 	const volatile ID old_func = ruby_frame->last_func;
 
+	ruby_safe_level = 0;
 	ruby_current_node = 0;
 	ruby_sourcefile = rb_source_filename(RSTRING(fname)->ptr);
 	ruby_sourceline = 0;
@@ -6020,6 +6030,7 @@ load_dyna(feature, fname)
 	ruby_frame->last_func = old_func;
 	SCOPE_SET(old_vmode);
     }
+    ruby_safe_level = safe;
     if (state) JUMP_TAG(state);
     ruby_errinfo = Qnil;
 
-- 
cgit v1.2.3