mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

* doc/security.rdoc: [DOC] amend symbols section for bug with keyword args [ci-skip]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49514 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
marcandre 2015-02-05 20:06:11 +00:00
parent 9dc51967ef
commit 899a1faa8f


@ -75,9 +75,10 @@ They are created when modifying code:
* defining a method (e.g. with +define_method+), * defining a method (e.g. with +define_method+),
* setting an instance variable (e.g. with +instance_variable_set+), * setting an instance variable (e.g. with +instance_variable_set+),
* creating a variable or constant (e.g. with +const_set+) * creating a variable or constant (e.g. with +const_set+)
Because of a bug, +send+ and +__send__+ also create immortal symbols. C extensions that have not been updated and are still calling `ID2SYM`
Finally, C extensions that have not been updated and are still calling `ID2SYM`
will create immortal symbols. will create immortal symbols.
Bugs in 2.2.0: +send+ and +__send__+ also created immortal symbols,
and calling methods with keyword arguments could also create some.
Don't create immortal symbols from user inputs. Otherwise, this would Don't create immortal symbols from user inputs. Otherwise, this would
allow a user to mount a denial of service attack against your application by allow a user to mount a denial of service attack against your application by
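Review bot: The added "Bugs in 2.2.0:" sentence is written in the past tense ("also created", "could also create") but does not name the release that fixes either bug, so a reader running 2.2.0 cannot tell whether passing user input to +send+, +__send__+ or a keyword-argument call still exposes them to the denial of service described in the next paragraph. Suggest stating the fixed version, or, if no fix has shipped yet, keeping the present tense the removed line used ("Because of a bug, +send+ and +__send__+ also create immortal symbols."). A smaller style point in the same paragraph: `ID2SYM` is in backticks while the rest of the hunk uses rdoc +...+ markup, so it is worth making that consistent while these lines are being touched.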