io.c: Methods of File should not invoke external commands

For security reasons, File.read, File.binread, File.write, File.binwrite,
File.foreach, and File.readlines should not invoke external commands even
if the path starts with the pipe character |.
[ruby-core:84495] [Feature #14245]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62857 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

NEWS

@@ -138,6 +138,12 @@ with all sufficient information, see the ChangeLog file or Redmine
 
 === Compatibility issues (excluding feature bug fixes)
 
+* File
+
+  * File.read, File.binread, File.write, File.binwrite, File.foreach,
+    and File.readlines do not invoke external commands even if the path
+    starts with the pipe character |.  [Feature #14245]
+
 === Stdlib compatibility issues (excluding feature bug fixes)
 
 === C API updates

io.c

@@ -7113,12 +7113,7 @@ rb_io_open_generic(VALUE klass, VALUE filename, int oflags, int fmode,
 		   const convconfig_t *convconfig, mode_t perm)
 {
     VALUE cmd;
-    const int warn = klass == rb_cFile;
-    if ((warn || klass == rb_cIO) && !NIL_P(cmd = check_pipe_command(filename))) {
-	if (warn) {
-	    rb_warn("IO.%"PRIsVALUE" called on File to invoke external command",
-		    rb_id2str(rb_frame_this_func()));
-	}
+    if (klass == rb_cIO && !NIL_P(cmd = check_pipe_command(filename))) {
 	return pipe_open_s(cmd, rb_io_oflags_modestr(oflags), fmode, convconfig);
     }
     else {

test/ruby/test_io.rb

@@ -2196,10 +2196,10 @@ class TestIO < Test::Unit::TestCase
 
   def test_read_command
     assert_equal("foo\n", IO.read("|echo foo"))
-    assert_warn(/invoke external command/) do
+    assert_raise(Errno::ENOENT, Errno::EINVAL) do
       File.read("|#{EnvUtil.rubybin} -e puts")
     end
-    assert_warn(/invoke external command/) do
+    assert_raise(Errno::ENOENT, Errno::EINVAL) do
       File.binread("|#{EnvUtil.rubybin} -e puts")
     end
     assert_raise(Errno::ENOENT, Errno::EINVAL) do