Bug #9976

ENV doesn't raise SecurityError except for aset and delete

Added by nobu (Nobuyoshi Nakada) over 6 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
ruby -v:
trunk
[ruby-dev:48321]

Description

ENV#[]= and ENV#delete raise an error on tainted arguments when $SAFE > 0, but the other methods do not raise an error.

Updated by nobu (Nobuyoshi Nakada) over 6 years ago

  • Status changed from Open to Closed
  • % Done changed from 0 to 100

Applied in changeset r46547.


hash.c: prohibit tainted strings

  • hash.c (env_aset, env_has_key, env_assoc, env_has_value), (env_rassoc, env_key): prohibit tainted strings if $SAFE is non-zero. [Bug #9976]

Updated by nagachika (Tomoyuki Chikanaga) about 6 years ago

  • Backport changed from 2.0.0: REQUIRED, 2.1: REQUIRED to 2.0.0: REQUIRED, 2.1: DONE

Backported into ruby_2_1 branch at r47346.

Updated by usa (Usaku NAKAMURA) about 6 years ago

  • Backport changed from 2.0.0: REQUIRED, 2.1: DONE to 2.0.0: DONE, 2.1: DONE

Backported into ruby_2_0_0 at r47492.
