diff --git a/ChangeLog b/ChangeLog index d604b1fa01..3b0176a51e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +Thu Sep 14 16:11:15 2006 Yukihiro Matsumoto + + * string.c (rb_str_intern): raise SecurityError only when $SAFE + level is greater than zero. [ruby-core:08862] + + * parse.y (rb_interned_p): new function to check if a string is + already interned. + + * string.c (str_to_id): use rb_str_intern(). + Thu Sep 14 14:37:45 2006 Tanaka Akira * ext/digest/lib/digest.rb (Digest::Base.file): new method. diff --git a/intern.h b/intern.h index e2fea30882..3c00a2bd2b 100644 --- a/intern.h +++ b/intern.h @@ -400,6 +400,7 @@ int rb_is_class_id(ID); int rb_is_local_id(ID); int rb_is_junk_id(ID); int rb_symname_p(const char*); +int rb_sym_interned_p(VALUE); VALUE rb_backref_get(void); void rb_backref_set(VALUE); VALUE rb_lastline_get(void); diff --git a/parse.y b/parse.y index a9ad0673de..f5835dffec 100644 --- a/parse.y +++ b/parse.y @@ -8381,6 +8381,17 @@ rb_symname_p(const char *name) return *m ? Qfalse : Qtrue; } +int +rb_sym_interned_p(str) + VALUE str; +{ + ID id; + + if (st_lookup(global_symbols.sym_id, (st_data_t)str, (st_data_t *)&id)) + return Qtrue; + return Qfalse; +} + ID rb_intern2(const char *name, long len) { diff --git a/string.c b/string.c index 43d4f40747..be10152e97 100644 --- a/string.c +++ b/string.c @@ -4151,7 +4151,7 @@ rb_str_intern(VALUE s) if (!RSTRING_PTR(str) || RSTRING_LEN(str) == 0) { rb_raise(rb_eArgError, "interning empty string"); } - if (OBJ_TAINTED(str)) { + if (OBJ_TAINTED(str) && rb_safe_level() >= 1 && !rb_sym_interned_p(str)) { rb_raise(rb_eSecurityError, "Insecure: can't intern tainted string"); } id = rb_intern2(RSTRING_PTR(str), RSTRING_LEN(str)); @@ -4556,10 +4556,8 @@ sym_to_proc(VALUE sym) static ID str_to_id(VALUE str) { - if (!RSTRING_PTR(str) || RSTRING_LEN(str) == 0) { - rb_raise(rb_eArgError, "empty symbol string"); - } - return rb_intern2(RSTRING_PTR(str), RSTRING_LEN(str)); + VALUE sym = rb_str_intern(str); + return SYM2ID(sym); } ID