public_send can be used to invoke protected methods
|ruby -v:||ruby 2.0.0dev (2012-12-03) [x86_64-darwin12.2.1]||Backport:|
puts Foo.public_send(:bar) rescue puts "error; this seems normal"
The last statement outputs "wtf?" on:¶
* ruby-head (2012-12-03)¶
The last statement raises a NoMethodError on:¶
* JRuby 1.7.0¶
* rubinius 2.0.0dev 2279857e¶
I /expected/ the NoMethodError behavior¶
#1 Updated by Charlie Somerville over 1 year ago
- File bug-7499.patch added
rbmethodcall_status checks the value of 'self' at the callsite to determine whether protected methods can be called.
Unfortunately this means calls to protected methods via public_send will erroneously succeed if they are in the right scope.
To fix this, I changed the meaning of Qundef as the 'self' argument to rbcall0. Formerly, Qundef meant 'use the self from the current control frame'. Now, Qundef means 'do not consider self so protected methods cannot be called'. I have updated the few calls to rbcall0 to fetch 'self' from the control frame manually. As rbcall0 and rbmethodcallstatus are static, there is no concern for ABI breakage.
#3 Updated by Nobuyoshi Nakada over 1 year ago
- Status changed from Open to Closed
- % Done changed from 0 to 100
This issue was solved with changeset r38223.
Andy, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.
vmeval.c: publicsend does not consider how it is called