kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

* doc/security.rdoc: [DOC] ammend symbols section for bug with

Browse source 
keyword args [ci-skip]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49514 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
marcandre 2015-02-05 20:06:11 +00:00
parent 9dc51967ef
commit 899a1faa8f
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
doc/security.rdoc
View file

@ -75,9 +75,10 @@ They are created when modifying code:
* defining a method (e.g. with +define_method+),
* setting an instance variable (e.g. with +instance_variable_set+),
* creating a variable or constant (e.g. with +const_set+)
Because of a bug, +send+ and +__send__+ also create immortal symbols.
Finally, C extensions that have not been updated and are still calling `ID2SYM`
C extensions that have not been updated and are still calling `ID2SYM`
will create immortal symbols.
Bugs in 2.2.0: +send+ and +__send__+ also created immortal symbols,
and calling methods with keyword arguments could also create some.
Don't create immortal symbols from user inputs. Otherwise, this would
allow a user to mount a denial of service attack against your application by