Actions
Bug #9976
closed
ENV doesn't raise SecurityError except for aset and delete
Bug #9976:
ENV doesn't raise SecurityError except for aset and delete
Description
ENV#[]= と ENV#delete は$SAFE > 0のときにtaintedな引数をエラーにしますが、他のメソッドでエラーになりません。
Updated by nobu (Nobuyoshi Nakada) over 11 years ago
- Status changed from Open to Closed
- % Done changed from 0 to 100
Applied in changeset r46547.
hash.c: prohibit tainted strings
- hash.c (env_aset, env_has_key, env_assoc, env_has_value),
(env_rassoc, env_key): prohibit tainted strings if $SAFE is
non-zero. [Bug #9976]
Updated by nagachika (Tomoyuki Chikanaga) about 11 years ago
- Backport changed from 2.0.0: REQUIRED, 2.1: REQUIRED to 2.0.0: REQUIRED, 2.1: DONE
Backported into ruby_2_1 branch at r47346.
Updated by usa (Usaku NAKAMURA) about 11 years ago
- Backport changed from 2.0.0: REQUIRED, 2.1: DONE to 2.0.0: DONE, 2.1: DONE
backported into ruby_2_0_0 at r47492.
Actions