merge revision(s) 37594: [Backport #7046]

* lib/erb.rb (ERB#run, ERB#result): eval under isolated bindings for safe concurrent use. [ruby-core:47638] [Bug #7046] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@38318 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2012-12-11 10:14:08 +00:00 · 2012-12-11 10:14:08 +00:00 · 4a2867abe1
commit 4a2867abe1
parent 35f2714452
4 changed files with 25 additions and 3 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+Tue Dec 11 19:01:45 2012  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* lib/erb.rb (ERB#run, ERB#result): eval under isolated bindings for
+	  safe concurrent use.  [ruby-core:47638] [Bug #7046]
+
 Tue Dec 11 17:53:55 2012  Nobuyoshi Nakada  <nobu@ruby-lang.org>

 	* compile.c (iseq_compile_each): count flip-flop state in local iseq
--- a/lib/erb.rb
+++ b/lib/erb.rb
@ -1,3 +1,4 @@
+# -*- coding: us-ascii -*-
 # = ERB -- Ruby Templating
 #
 # Author:: Masatoshi SEKI
@ -816,7 +817,7 @@ class ERB
  end

  # Generate results and print them. (see ERB#result)
-  def run(b=TOPLEVEL_BINDING)
+  def run(b=new_toplevel)
    print self.result(b)
  end

@ -828,7 +829,7 @@ class ERB
  # _b_ accepts a Binding or Proc object which is used to set the context of
  # code evaluation.
  #
-  def result(b=TOPLEVEL_BINDING)
+  def result(b=new_toplevel)
    if @safe_level
      proc {
        $SAFE = @safe_level
@ -839,6 +840,12 @@ class ERB
    end
  end

+  def new_toplevel
+    # New binding each time *near* toplevel for unspecified runs
+    TOPLEVEL_BINDING.dup
+  end
+  private :new_toplevel
+
  # Define _methodname_ as instance method of _mod_ from compiled ruby source.
  #
  # example:
--- a/test/erb/test_erb.rb
+++ b/test/erb/test_erb.rb
@ -1,3 +1,4 @@
+# -*- coding: us-ascii -*-
 require 'test/unit'
 require 'erb'

@ -37,6 +38,15 @@ class TestERB < Test::Unit::TestCase
    }
    assert_match(/\Atest filename:1\b/, e.backtrace[0])
  end
+
+  def test_concurrent_default_binding
+    template1 = 'one <%= ERB.new(template2).result %>'
+
+    eval 'template2 = "two"', TOPLEVEL_BINDING
+
+    bug7046 = '[ruby-core:47638]'
+    assert_equal("one two", ERB.new(template1).result, bug7046)
+  end
 end

 class TestERBCore < Test::Unit::TestCase
--- a/version.h
+++ b/version.h
@ -1,5 +1,5 @@
 #define RUBY_VERSION "1.9.3"
-#define RUBY_PATCHLEVEL 336
+#define RUBY_PATCHLEVEL 337

 #define RUBY_RELEASE_DATE "2012-12-11"
 #define RUBY_RELEASE_YEAR 2012