From 3b97a6496f35efbc6aef9aef2bd1fe87e6b5d158 Mon Sep 17 00:00:00 2001
From: Nobuyoshi Nakada
Date: Thu, 1 Apr 2021 01:17:45 +0900
Subject: Make usable chars more strict
Remove other than alphanumeric and some punctuations considered filesystem-safe, instead of removing some unsafe chars only.
https://hackerone.com/reports/1131465
---
 lib/tmpdir.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib')
diff --git a/lib/tmpdir.rb b/lib/tmpdir.rb
index 0b1f00aecf..bf7db5282a 100644
--- a/lib/tmpdir.rb
+++ b/lib/tmpdir.rb
@@ -115,7 +115,7 @@ class Dir
 Dir.tmpdir
 end
- UNUSABLE_CHARS = [File::SEPARATOR, File::ALT_SEPARATOR, File::PATH_SEPARATOR, ":"].uniq.join("").freeze
+ UNUSABLE_CHARS = "^,-.0-9A-Z_a-z~"
 class << (RANDOM = Random.new)
 MAX = 36**6 # < 0x100000000
-- 
cgit v1.2.3
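Review bot: The constant on the `+` line keeps the name UNUSABLE_CHARS, but its value now reads as a tr-style set specification whose leading `^` negates it, so the literal lists the characters that are kept while the name says the opposite; a comment would prevent the next reader from "fixing" it, e.g. `# tr/delete-style set: the leading ^ negates it, so every character outside [,-.0-9A-Z_a-z~] is stripped`. It is also worth stating in that comment that `,-.` is a range (U+002C..U+002E) and not a literal hyphen, even though that range happens to cover exactly `,`, `-` and `.`, because a future edit that reorders the set could silently change its meaning. The old value was explicitly `.freeze`d; unless the file's `frozen_string_literal` pragma applies (not visible in this hunk), the replacement literal is a mutable String. The code that consumes the constant lies outside the hunk, so the assumption that it is passed to `String#delete`/`count` should be confirmed there.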