1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

* string.c (rb_str_intern): raise SecurityError only when $SAFE

level is greater than zero.  [ruby-core:08862]

* parse.y (rb_interned_p): new function to check if a string is
  already interned.

* string.c (str_to_id): use rb_str_intern().


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@10932 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
matz 2006-09-14 07:27:14 +00:00
parent 803cabaced
commit 23d2c8b624
4 changed files with 25 additions and 5 deletions

View file

@ -1,3 +1,13 @@
Thu Sep 14 16:11:15 2006 Yukihiro Matsumoto <matz@ruby-lang.org>
* string.c (rb_str_intern): raise SecurityError only when $SAFE
level is greater than zero. [ruby-core:08862]
* parse.y (rb_interned_p): new function to check if a string is
already interned.
* string.c (str_to_id): use rb_str_intern().
Thu Sep 14 14:37:45 2006 Tanaka Akira <akr@fsij.org>
* ext/digest/lib/digest.rb (Digest::Base.file): new method.

View file

@ -400,6 +400,7 @@ int rb_is_class_id(ID);
int rb_is_local_id(ID);
int rb_is_junk_id(ID);
int rb_symname_p(const char*);
int rb_sym_interned_p(VALUE);
VALUE rb_backref_get(void);
void rb_backref_set(VALUE);
VALUE rb_lastline_get(void);

11
parse.y
View file

@ -8381,6 +8381,17 @@ rb_symname_p(const char *name)
return *m ? Qfalse : Qtrue;
}
int
rb_sym_interned_p(str)
VALUE str;
{
ID id;
if (st_lookup(global_symbols.sym_id, (st_data_t)str, (st_data_t *)&id))
return Qtrue;
return Qfalse;
}
ID
rb_intern2(const char *name, long len)
{

View file

@ -4151,7 +4151,7 @@ rb_str_intern(VALUE s)
if (!RSTRING_PTR(str) || RSTRING_LEN(str) == 0) {
rb_raise(rb_eArgError, "interning empty string");
}
if (OBJ_TAINTED(str)) {
if (OBJ_TAINTED(str) && rb_safe_level() >= 1 && !rb_sym_interned_p(str)) {
rb_raise(rb_eSecurityError, "Insecure: can't intern tainted string");
}
id = rb_intern2(RSTRING_PTR(str), RSTRING_LEN(str));
@ -4556,10 +4556,8 @@ sym_to_proc(VALUE sym)
static ID
str_to_id(VALUE str)
{
if (!RSTRING_PTR(str) || RSTRING_LEN(str) == 0) {
rb_raise(rb_eArgError, "empty symbol string");
}
return rb_intern2(RSTRING_PTR(str), RSTRING_LEN(str));
VALUE sym = rb_str_intern(str);
return SYM2ID(sym);
}
ID